
Windows Vista runtime error 216


  • This topic is locked
30 replies to this topic

#1 jfkyle

jfkyle

  • Members
  • 25 posts

Posted 28 July 2014 - 07:04 AM

For about a week now I have been seeing an intermittent runtime error 216. When I do see it, it seems to occur around start up, but at times I sign on and no error occurs. (I am not sure if this occurs before or after firing up the programs I usually initially start with - word, excel, chrome browser [not IE!] - as since I have been deliberately monitoring for it, the runtime error has not re-occurred.) The last time it occurred I did note down the address: 400057AE. The concern I have is that most internet posts, including the Microsoft site, suggest the most likely cause of a 216 error is the SubSeven trojan virus. I have however run in safe mode, under the administrator account, a full Malwarebytes, Superantispyware and windows defender scan. All come up clean. I do have a Hijack this log available but I noted the directions not to post such logs to this particular forum. Any help would be appreciated. Thanks, James.




#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Instructor
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 03 August 2014 - 11:21 AM

Hello James, and welcome to Bleeping Computer! :thumbsup:

We apologize for the delay in response to your topic! The forum can get busy at times, and usually help is given on a "first come first serve" basis...but now that I'm helping you, I will stay with you until we eliminate/rule out malware, and/or resolve your issue!

 

==========

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • Please be patient as logs take time to analyze.
  • If you are unsure about any of the steps, just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Until I give you the "all clean", please do not run any other tools without my instruction to do so!

==========
 

I do have a Hijack this log available but I noted the directions not to post such logs to this particular forum.

I have moved this topic to the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay, so that we can get proper logs posted. :wink:  But no need to post the Hijack This log, as the tool is quite outdated!

 

For the initial logs, we will be using Farbar Recovery Scan Tool (aka FRST)...instructions for running it are below:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

bloopie



#3 jfkyle


Posted 03 August 2014 - 03:21 PM

Hi

 

No problem about the delay as I appreciate you can be busy and I am thankful for your assistance. Unfortunately however this will mean a bit of a delay until I can get back to you as I will not have access to the problem PC until Friday now. I will run the steps requested as soon as I can at that point. I should say that I have not seen another 216 error since I posted. I did however get a blue screen paging fault. My main objective continues to be ruling out a virus issue in order to feel safe using the PC for financial transactions.

 

Thanks again

 

James



#4 bloopie


Posted 03 August 2014 - 03:50 PM

Hello again,

Okay, I will leave the thread open until then. :)

Let me know when you are able to continue!

bloopie

#5 jfkyle


Posted 07 August 2014 - 12:00 PM

Hi Bloopie

 

Again thanks for your help.

 

I do have original windows vista disk available. The blue screen I got last week was Page fault in non paged area

 

Frst.txt

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014

Ran by James (administrator) on KYLE-DESKTOP on 07-08-2014 17:36:32
Running from C:\Users\JFK\scan
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Windows\System32\ASDR.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Inc.) C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Trusteer Ltd.) C:\Users\JFK\AppData\Roaming\Trusteer\Rapport\app\bin\RapportService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [217088 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2634342593-3981813573-3578531822-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5626136 2014-06-10] (SUPERAntiSpyware)
HKU\S-1-5-21-2634342593-3981813573-3578531822-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2634342593-3981813573-3578531822-1000\...\MountPoints2: {82b4a83d-fc3a-11dc-b3ab-001d09233713} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [405736 2010-12-27] (SANDBOXIE L.T.D)
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\Run: [Rapportexe] => C:\Users\JFK\AppData\Roaming\Trusteer\Rapport\app\bin\RapportService.exe [2640152 2014-07-10] (Trusteer Ltd.)
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5626136 2014-06-10] (SUPERAntiSpyware)
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\Run: [Google Update] => C:\Users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-27] (Google Inc.)
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\MountPoints2: {46212b4f-1ace-11e2-ac9d-001d09233713} - J:\MI.exe
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\MountPoints2: {4a545623-2563-11e1-aed1-001d09233713} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\drivers\setup.exe
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\MountPoints2: {82b4a83d-fc3a-11dc-b3ab-001d09233713} - K:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\aiStarter.lnk
ShortcutTarget: aiStarter.lnk -> C:\Program Files\AppInventor\aiStarter.exe ()
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JustCloud.lnk
ShortcutTarget: JustCloud.lnk -> C:\Program Files\JustCloud\JustCloud.exe (JustCloud.com)
Startup: C:\Users\JFK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\JFK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk.disabled
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk.disabled -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\JFK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\JFK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk.disabled
ShortcutTarget: OpenOffice.org 3.0.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\JFK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk.disabled
ShortcutTarget: OpenOffice.org 3.3.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
SearchScopes: HKCU - DefaultScope {39E91394-EAAB-4753-A4FC-41580CE03F5A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {210073B5-670D-4ABE-A7CB-83EDBC77BF35} URL = http://search.orbitdownloader.com/ie.php?q={searchTerms}&enc={inputEncoding}
SearchScopes: HKCU - {39E91394-EAAB-4753-A4FC-41580CE03F5A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {6ABFB2C8-18E6-4f4c-B349-A13CECF8B438} URL = http://search.speedbit.com/searchresults.asp?src=default&q={searchTerms}
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Comodo VerificationEngine -> {A968A4B4-C492-4834-B651-17602C3885C8} -> C:\Program Files\Comodo\VEngine\VEngineIE32.dll (Comodo CA Ltd.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.3.16\zonealarmTlbr.dll No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\8ctv2k1p.default
FF Homepage: www.yahoo.co.uk
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @gametap.com/npdd,version=1.0 -> C:\Program Files\Downloader\npdd.dll (Metaboli)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.97 -> C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.99 -> C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @sony.com/eBookLibrary -> C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\8ctv2k1p.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\8ctv2k1p.default\searchplugins\winamp-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: ZoneAlarm Do Not Track - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\8ctv2k1p.default\Extensions\donottrack@checkpoint.com [2013-03-16]
FF Extension: Winamp Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\8ctv2k1p.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2011-11-11]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\8ctv2k1p.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-30]
FF HKLM\...\Firefox\Extensions: [{A6EA7921-6EAD-4874-9464-90D91462A375}] - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_5
FF Extension: VerificationEngine® - C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_5 [2010-06-11]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-12-14]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Freemake np-plugin for google chrome) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (getPlusPlus for Adobe 16299) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Downloader Detector) - C:\Program Files\Downloader\npdd.dll (Metaboli)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Reader Library) - C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (Freemake Video Converter) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-02-02]
CHR Extension: (Google Wallet) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-03-19]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ASDR; C:\Windows\System32\ASDR.exe [61440 2009-07-27] () [File not signed]
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [73464 2008-07-14] (COMODO)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2008-03-03] (Creative Labs) [File not signed]
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
S3 DAUpdaterSvc; c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2010-04-09] (BioWare)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2008-03-30] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [69864 2010-12-27] (SANDBOXIE L.T.D)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-03-19] (Skype Technologies S.A.)
S3 Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
S3 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [548264 2012-11-05] (Splashtop Inc.)
S3 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-15] (Splashtop Inc.)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-05-06] (SigmaTel, Inc.)
S3 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [135168 2011-05-28] (Airytec) [File not signed]
S3 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [135168 2011-05-28] (Airytec) [File not signed]
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2014-07-07] (WiseCleaner.com)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1763584 2011-07-28] (Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-01-16] ()
S3 BOCDRIVE; C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [15376 2007-04-17] ()
R1 EIO; C:\Windows\System32\DRIVERS\EIO.sys [14336 2011-11-21] (ASUSTeK Computer Inc.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-09-29] (LeapFrog) [File not signed]
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 gmer; C:\Windows\System32\DRIVERS\gmer.sys [85969 2008-10-19] (GMER) [File not signed]
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2008-12-16] (LogMeIn, Inc.)
R3 IOMap; C:\Windows\system32\drivers\IOMap.sys [33280 2010-03-04] (ASUSTeK Computer Inc.) [File not signed]
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-01-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30816 2007-12-20] (Intel Corporation )
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [125672 2010-12-27] (SANDBOXIE L.T.D)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-05-06] (SigmaTel, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-04-07] ()
S3 wip0204; C:\Windows\System32\DRIVERS\wip0204.sys [23480 2008-12-31] (Wippien Software)
S3 asusgsb; system32\drivers\asusgsb.sys [X]
S3 atkdisplf; system32\drivers\ATKDispLowFilter.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-11-15] (Kaspersky Lab)
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS [X]
U4 Uxcpkfl; No ImagePath
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X]
S3 yeddef; System32\Drivers\yeddef.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 17:35 - 2014-08-07 17:36 - 00000000 ____D () C:\Users\JFK\scan
2014-08-07 17:33 - 2014-08-07 17:36 - 00000000 ____D () C:\FRST
2014-08-01 22:32 - 2014-08-01 22:32 - 00160368 _____ () C:\Windows\Minidump\Mini080114-01.dmp
2014-08-01 15:35 - 2014-08-01 15:35 - 00000165 ____H () C:\Users\JFK\Desktop\~$JFK Property 2014.xlsx
2014-08-01 09:43 - 2014-08-01 09:43 - 01283048 _____ () C:\Users\JFK\Downloads\KeyScrambler_Setup (2).exe
2014-07-31 11:56 - 2014-08-01 19:02 - 00060138 _____ () C:\Users\JFK\Desktop\JFK Property 2014.xlsx
2014-07-28 12:23 - 2014-07-28 12:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\James\Desktop\HijackThis (1).exe
2014-07-24 22:45 - 2014-07-24 22:46 - 00388608 _____ (Trend Micro Inc.) C:\Users\JFK\Downloads\HijackThis.exe
2014-07-24 13:12 - 2014-08-01 13:00 - 00000378 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-07-24 12:44 - 2014-07-24 12:45 - 00001795 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-07-24 12:44 - 2014-07-24 12:44 - 05294000 _____ (WiseCleaner.com ) C:\Users\James\Downloads\WiseCare365.exe
2014-07-22 20:41 - 2014-07-22 20:42 - 00158416 _____ () C:\Windows\Minidump\Mini072214-01.dmp
2014-07-22 19:22 - 2014-07-22 19:22 - 00001540 _____ () C:\Users\JFK\Downloads\Attachment.txt
2014-07-22 17:57 - 2014-07-22 17:57 - 00226757 _____ () C:\Users\JFK\Downloads\ZenThenZen (6).aia
2014-07-22 17:47 - 2014-07-22 17:47 - 00131506 _____ () C:\Users\JFK\Downloads\ZenThenZen_Oracle.aia
2014-07-22 16:08 - 2014-07-22 16:08 - 00226681 _____ () C:\Users\JFK\Downloads\ZenThenZen (5).aia
2014-07-22 01:15 - 2014-07-22 01:15 - 00090421 _____ () C:\Users\JFK\Downloads\ZenThenZen_Oracle (2).aia
2014-07-21 16:15 - 2014-07-21 16:15 - 00086830 _____ () C:\Users\JFK\Downloads\ZenThenZen_Oracle (1).aia
2014-07-21 11:52 - 2014-07-28 12:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 11:52 - 2014-07-21 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 11:52 - 2014-07-21 11:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-21 11:52 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-21 11:52 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 18:40 - 2014-07-20 18:42 - 35594848 _____ (Skype Technologies S.A.) C:\Users\JFK\Downloads\SkypeSetupFull.exe
2014-07-19 16:43 - 2014-07-19 16:43 - 00125353 _____ () C:\Users\JFK\Downloads\ZenThenZen (4).aia
2014-07-19 15:45 - 2014-07-19 15:45 - 00121394 _____ () C:\Users\JFK\Downloads\ZenThenZen (3).aia
2014-07-19 12:46 - 2014-07-19 12:46 - 01364522 _____ () C:\Users\James\Downloads\wrar393.exe
2014-07-19 12:44 - 2014-07-19 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2014-07-19 12:42 - 2014-07-19 12:44 - 00000000 ____D () C:\Python27
2014-07-19 12:29 - 2014-07-19 12:29 - 16703488 _____ () C:\Users\James\Downloads\python-2.7.8.msi
2014-07-19 12:27 - 2014-07-19 12:27 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-07-19 12:27 - 2014-07-19 12:27 - 00001925 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk
2014-07-19 12:27 - 2014-07-19 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-19 12:25 - 2014-07-19 12:25 - 01528320 _____ () C:\Users\James\Downloads\msxml6.msi
2014-07-19 12:23 - 2014-07-19 12:23 - 00000000 ____D () C:\Users\James\AppData\Roaming\Oracle
2014-07-19 11:07 - 2014-07-19 11:06 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-19 11:06 - 2014-07-19 11:06 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-19 11:06 - 2014-07-19 11:06 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-19 11:06 - 2014-07-19 11:06 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-19 11:06 - 2014-07-19 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 11:02 - 2014-07-19 17:03 - 00010215 _____ () C:\Windows\SecuniaPackage.log
2014-07-19 10:07 - 2014-07-19 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-18 21:12 - 2014-07-18 21:12 - 00112107 _____ () C:\Users\JFK\Downloads\ZenThenZen (2).aia
2014-07-17 17:14 - 2014-07-17 17:14 - 00090695 _____ () C:\Users\JFK\Downloads\ZenThenZen (1).aia
2014-07-17 14:10 - 2014-07-17 14:10 - 00083968 _____ () C:\Users\JFK\Downloads\ZenThenZen.aia
2014-07-15 17:48 - 2014-07-15 17:48 - 00000714 _____ () C:\Users\JFK\Desktop\JustCloud.exe - Shortcut.lnk
2014-07-15 15:49 - 2014-07-15 15:49 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-09 09:34 - 2014-06-07 01:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:34 - 2014-06-06 09:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:34 - 2014-05-30 07:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:34 - 2014-05-28 08:08 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:34 - 2014-05-28 08:08 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:34 - 2014-05-28 08:08 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 09:34 - 2014-05-28 08:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-09 09:34 - 2014-05-28 08:04 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-07-09 09:34 - 2014-05-28 08:03 - 06023168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:34 - 2014-05-28 08:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:34 - 2014-05-28 08:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:34 - 2014-05-28 08:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 09:34 - 2014-05-28 08:03 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-09 09:34 - 2014-05-28 08:02 - 11082752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:34 - 2014-05-28 08:02 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:34 - 2014-05-28 08:02 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:34 - 2014-05-28 08:02 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:34 - 2014-05-28 08:02 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-09 09:34 - 2014-05-28 08:02 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 09:34 - 2014-05-28 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 09:34 - 2014-05-28 08:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 09:34 - 2014-05-28 08:02 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 09:34 - 2014-05-28 08:02 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 09:34 - 2014-05-28 08:00 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-07-09 09:34 - 2014-05-28 06:26 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-09 09:34 - 2014-05-28 04:44 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:34 - 2014-05-28 04:44 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 09:34 - 2014-05-28 04:42 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 09:34 - 2014-05-28 04:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 17:37 - 2011-09-25 21:22 - 00000388 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{1175A0CD-D8BD-4EF8-80AA-7ED728BE773B}.job
2014-08-07 17:36 - 2014-08-07 17:35 - 00000000 ____D () C:\Users\JFK\scan
2014-08-07 17:36 - 2014-08-07 17:33 - 00000000 ____D () C:\FRST
2014-08-07 17:35 - 2008-03-03 21:49 - 00000000 ____D () C:\Users\JFK
2014-08-07 17:33 - 2009-12-19 12:34 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{EF3E54CE-B3BB-4EDF-B84B-61E857CBEDF6}.job
2014-08-07 17:24 - 2013-04-10 09:36 - 01749816 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 17:18 - 2012-11-30 19:42 - 00000000 ____D () C:\Users\James\AppData\Roaming\Wise Care 365
2014-08-07 17:17 - 2012-10-08 20:10 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-07 17:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 17:16 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 17:16 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 22:43 - 2006-11-02 14:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-01 22:42 - 2014-05-18 20:03 - 00000550 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2634342593-3981813573-3578531822-1001.job
2014-08-01 22:32 - 2014-08-01 22:32 - 00160368 _____ () C:\Windows\Minidump\Mini080114-01.dmp
2014-08-01 22:32 - 2013-04-27 19:59 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001UA.job
2014-08-01 22:32 - 2013-04-11 15:31 - 255745942 _____ () C:\Windows\MEMORY.DMP
2014-08-01 22:32 - 2012-10-08 20:10 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 22:32 - 2009-04-09 00:39 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 22:30 - 2014-03-13 14:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-01 21:43 - 2013-02-26 23:17 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-08-01 20:59 - 2009-10-24 15:00 - 00000000 ____D () C:\Users\JFK\AppData\Roaming\vlc
2014-08-01 19:17 - 2014-03-16 12:17 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 666996bc-a665-4e05-a6ed-7cb23f39b03c.job
2014-08-01 19:04 - 2006-11-02 11:33 - 00775940 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 19:02 - 2014-07-31 11:56 - 00060138 _____ () C:\Users\JFK\Desktop\JFK Property 2014.xlsx
2014-08-01 18:13 - 2013-04-27 19:59 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001Core.job
2014-08-01 17:16 - 2013-04-07 20:34 - 00000000 ____D () C:\Users\JFK\blog posts
2014-08-01 17:16 - 2012-05-07 16:18 - 00000000 ____D () C:\Users\JFK\Documents\Property
2014-08-01 15:35 - 2014-08-01 15:35 - 00000165 ____H () C:\Users\JFK\Desktop\~$JFK Property 2014.xlsx
2014-08-01 13:00 - 2014-07-24 13:12 - 00000378 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-01 09:54 - 2008-03-15 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2014-08-01 09:53 - 2008-03-15 17:53 - 00000000 ____D () C:\Program Files\KeyScrambler
2014-08-01 09:43 - 2014-08-01 09:43 - 01283048 _____ () C:\Users\JFK\Downloads\KeyScrambler_Setup (2).exe
2014-07-31 11:14 - 2008-03-03 23:27 - 00002587 _____ () C:\Users\JFK\Desktop\Microsoft Office Word 2007.lnk
2014-07-28 12:28 - 2014-07-21 11:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 12:23 - 2014-07-28 12:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\James\Desktop\HijackThis (1).exe
2014-07-25 12:44 - 2011-03-06 14:26 - 00000000 ____D () C:\Users\JFK\AppData\Roaming\FileZilla
2014-07-25 12:44 - 2009-03-05 20:46 - 00000000 ____D () C:\Program Files\Steam
2014-07-25 12:44 - 2008-11-29 16:39 - 00000000 ____D () C:\Users\JFK\AppData\Roaming\Orbit
2014-07-25 12:44 - 2008-04-05 20:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-25 12:44 - 2008-03-03 22:36 - 00000000 ____D () C:\Users\JFK\AppData\Roaming\Winamp
2014-07-25 12:38 - 2013-05-28 19:28 - 00000000 ____D () C:\Users\JFK\Desktop\archive
2014-07-25 12:38 - 2013-04-13 11:35 - 00000000 ____D () C:\Users\JFK\USB
2014-07-25 12:38 - 2011-05-15 15:51 - 00000000 ____D () C:\Users\JFK\Documents\PM work
2014-07-25 12:38 - 2008-03-14 14:36 - 00000000 ____D () C:\Users\JFK\Documents\Excel
2014-07-24 22:46 - 2014-07-24 22:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\JFK\Downloads\HijackThis.exe
2014-07-24 22:12 - 2008-03-19 11:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 14:35 - 2010-06-04 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 12:45 - 2014-07-24 12:44 - 00001795 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-07-24 12:44 - 2014-07-24 12:44 - 05294000 _____ (WiseCleaner.com ) C:\Users\James\Downloads\WiseCare365.exe
2014-07-24 12:44 - 2012-11-30 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-07-22 20:42 - 2014-07-22 20:41 - 00158416 _____ () C:\Windows\Minidump\Mini072214-01.dmp
2014-07-22 20:37 - 2013-03-04 16:39 - 00000000 ____D () C:\Users\JFK\AppData\Roaming\Skype
2014-07-22 19:22 - 2014-07-22 19:22 - 00001540 _____ () C:\Users\JFK\Downloads\Attachment.txt
2014-07-22 17:57 - 2014-07-22 17:57 - 00226757 _____ () C:\Users\JFK\Downloads\ZenThenZen (6).aia
2014-07-22 17:47 - 2014-07-22 17:47 - 00131506 _____ () C:\Users\JFK\Downloads\ZenThenZen_Oracle.aia
2014-07-22 16:08 - 2014-07-22 16:08 - 00226681 _____ () C:\Users\JFK\Downloads\ZenThenZen (5).aia
2014-07-22 11:34 - 2008-03-11 15:28 - 00000000 ____D () C:\Users\JFK\Documents\My PSP8 Files
2014-07-22 10:40 - 2013-04-10 09:33 - 00103924 _____ () C:\Windows\PFRO.log
2014-07-22 01:15 - 2014-07-22 01:15 - 00090421 _____ () C:\Users\JFK\Downloads\ZenThenZen_Oracle (2).aia
2014-07-21 16:15 - 2014-07-21 16:15 - 00086830 _____ () C:\Users\JFK\Downloads\ZenThenZen_Oracle (1).aia
2014-07-21 11:52 - 2014-07-21 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 11:52 - 2014-07-21 11:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-21 11:52 - 2012-01-05 20:52 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 11:52 - 2011-01-05 21:06 - 00000000 ____D () C:\Users\James\AppData\Roaming\Malwarebytes
2014-07-21 11:52 - 2010-07-16 21:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 02:45 - 2013-08-24 09:35 - 00000000 ____D () C:\Users\JFK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-07-20 18:43 - 2013-03-04 16:39 - 00000000 ____D () C:\ProgramData\Skype
2014-07-20 18:42 - 2014-07-20 18:40 - 35594848 _____ (Skype Technologies S.A.) C:\Users\JFK\Downloads\SkypeSetupFull.exe
2014-07-20 16:00 - 2013-02-02 12:54 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-19 17:03 - 2014-07-19 11:02 - 00010215 _____ () C:\Windows\SecuniaPackage.log
2014-07-19 16:43 - 2014-07-19 16:43 - 00125353 _____ () C:\Users\JFK\Downloads\ZenThenZen (4).aia
2014-07-19 15:45 - 2014-07-19 15:45 - 00121394 _____ () C:\Users\JFK\Downloads\ZenThenZen (3).aia
2014-07-19 12:46 - 2014-07-19 12:46 - 01364522 _____ () C:\Users\James\Downloads\wrar393.exe
2014-07-19 12:44 - 2014-07-19 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2014-07-19 12:44 - 2014-07-19 12:42 - 00000000 ____D () C:\Python27
2014-07-19 12:33 - 2013-04-06 12:37 - 00000000 ____D () C:\Program Files\Opera
2014-07-19 12:31 - 2014-02-22 15:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-19 12:31 - 2011-03-29 17:34 - 00000818 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 12:31 - 2008-10-16 21:34 - 00000806 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-19 12:30 - 2008-11-09 11:23 - 00000000 ____D () C:\Program Files\Adobe
2014-07-19 12:29 - 2014-07-19 12:29 - 16703488 _____ () C:\Users\James\Downloads\python-2.7.8.msi
2014-07-19 12:29 - 2011-02-02 17:00 - 00000000 ____D () C:\Users\James\Documents\My Digital Editions
2014-07-19 12:27 - 2014-07-19 12:27 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2014-07-19 12:27 - 2014-07-19 12:27 - 00001925 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk
2014-07-19 12:27 - 2014-07-19 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-19 12:25 - 2014-07-19 12:25 - 01528320 _____ () C:\Users\James\Downloads\msxml6.msi
2014-07-19 12:23 - 2014-07-19 12:23 - 00000000 ____D () C:\Users\James\AppData\Roaming\Oracle
2014-07-19 12:20 - 2013-11-16 15:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 11:06 - 2014-07-19 11:07 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-19 11:06 - 2014-07-19 11:06 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-19 11:06 - 2014-07-19 11:06 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-19 11:06 - 2014-07-19 11:06 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-19 11:06 - 2014-07-19 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 11:06 - 2008-03-03 23:09 - 00000000 ____D () C:\Program Files\Java
2014-07-19 10:07 - 2014-07-19 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-18 21:12 - 2014-07-18 21:12 - 00112107 _____ () C:\Users\JFK\Downloads\ZenThenZen (2).aia
2014-07-18 16:06 - 2013-11-16 14:23 - 00000819 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-18 14:41 - 2014-06-27 18:19 - 00000000 ____D () C:\Users\JFK\Documents\board games
2014-07-17 17:14 - 2014-07-17 17:14 - 00090695 _____ () C:\Users\JFK\Downloads\ZenThenZen (1).aia
2014-07-17 14:10 - 2014-07-17 14:10 - 00083968 _____ () C:\Users\JFK\Downloads\ZenThenZen.aia
2014-07-15 17:48 - 2014-07-15 17:48 - 00000714 _____ () C:\Users\JFK\Desktop\JustCloud.exe - Shortcut.lnk
2014-07-15 17:48 - 2014-06-08 18:56 - 00000000 ____D () C:\Program Files\JustCloud
2014-07-15 16:22 - 2011-06-15 19:35 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-07-15 16:22 - 2008-03-04 10:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-15 16:12 - 2008-03-03 21:53 - 00000000 ____D () C:\Users\JFK\Documents\JFK Financial
2014-07-15 15:49 - 2014-07-15 15:49 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-15 15:49 - 2013-03-04 16:39 - 00000000 ___RD () C:\Program Files\Skype
2014-07-13 21:00 - 2013-04-12 21:30 - 00006574 _____ () C:\Windows\setupact.log
2014-07-10 09:22 - 2013-04-06 17:42 - 00314160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 09:19 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 09:02 - 2013-08-15 22:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 08:58 - 2006-11-02 11:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 14:03 - 2014-03-13 14:11 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 14:03 - 2014-03-13 14:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 10:25 - 2012-11-03 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
Files to move or delete:
====================
C:\Users\James\cc_20080816_1454.reg
C:\Users\James\cc_20110318_1624.reg
C:\Users\James\cc_20111016_1204.reg
 
 
Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe
C:\Users\James\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\James\AppData\Local\Temp\VSUSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 17:22
 
==================== End Of Log ============================
 
 
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:5-08-2014
Ran by James at 2014-08-07 17:38:23
Running from C:\Users\JFK\scan
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: 1.1.0.0 - TEAC)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Airytec Switch Off (HKLM\...\Airytec Switch Off) (Version: 3.4.1 - Airytec)
Anki (HKLM\...\Anki) (Version:  - )
AppInventor Setup (HKLM\...\AppInventor Setup) (Version: 2.2 - Massachusetts Institute of Technology)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression for Kodak (HKLM\...\{9B260944-746E-4966-8918-0F9636930456}) (Version: 2.0.24.1216 - ArcSoft)
ASUS nVidia Driver (Version: 1.00.0000 - ASUSTek) Hidden
ASUS Smart Doctor (HKLM\...\InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}) (Version: 5.80 - ASUSTek COMPUTER INC.)
ASUS Smart Doctor (Version: 5.80 - ASUSTek COMPUTER INC.) Hidden
Beyond Good and Evil (HKLM\...\Beyond Good and Evil_is1) (Version:  - GOG.com)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Manager 7.0 (HKLM\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)
BlackBerry Device Manager 7.0 (Version: 7.0.0.40 - Research In Motion Ltd.) Hidden
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Botanicula (HKLM\...\Botanicula) (Version: 1.0 - Amanita Design, s.r.o.)
calibre (HKLM\...\{4A3FCC59-5231-4634-882C-BF8B511392C5}) (Version: 0.9.5 - Kovid Goyal)
Call of Duty® - World at War™ (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.4 - Activision)
Call of Duty® - World at War™ (Version: 1.0 - Activision) Hidden
Call of Duty® - World at War™ 1.1 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.1 Patch (Version: 1.1 - Activision) Hidden
Call of Duty® - World at War™ 1.2 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.2 Patch (Version: 1.2 - Activision) Hidden
Call of Duty® - World at War™ 1.3 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.3 Patch (Version: 1.3 - Activision) Hidden
Call of Duty® - World at War™ 1.4 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.4 Patch (Version: 1.4 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Citrix XenApp Web Plugin (HKLM\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version:  - )
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
dj_sf_software_req (Version: 90.0.235.000 - Hewlett-Packard) Hidden
Downloader (HKLM\...\Downloader) (Version:  - )
Dragon Age: Origins (HKLM\...\Steam App 17450) (Version:  - BioWare)
Dual-Core Optimizer (HKLM\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Empire: Total War (HKLM\...\Steam App 10500) (Version:  - Creative Assembly)
Europa Barbarorum 1.1 (HKLM\...\{9BCAC864-84C0-409F-8D12-364109622D18}_is1) (Version:  - Europa Barbarorum)
Fallout 3 (HKCU\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Ferrari Virtual Race (remove only) (HKLM\...\FerrariVR) (Version:  - )
FileZilla Client 3.4.0 (HKLM\...\FileZilla Client) (Version: 3.4.0 - )
Fraps (HKLM\...\Fraps) (Version:  - )
Freemake Video Converter version 4.1.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Freemote Control Server (HKLM\...\Freemote Control Server) (Version: 1.3.3 - Accentual Software)
FUJIFILM FinePixViewer S Ver.2.1 (HKLM\...\{88B32652-CAE0-4909-A463-5840D2689D93}) (Version: 2.1.0.3 - FUJIFILM Corporation)
Glary Registry Repair 3.3.0.852 (HKLM\...\Glary Registry Repair_is1) (Version:  - GlarySoft.com)
Glary Utilities 2.54.0.1759 (HKLM\...\Glary Utilities_is1) (Version: 2.54.0.1759 - Glarysoft Ltd)
Gone Home (HKLM\...\GoneHome) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Deskjet Printer Driver Software 9.0 (HKLM\...\{E0C18BB0-32CA-4679-B422-9B9FA825378F}) (Version: 9.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.11182 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Network Connections 12.4.38.0 (HKLM\...\PROSetDX) (Version: 12.4.38.0 - Intel)
Intel® Network Connections 12.4.38.0 (Version: 12.4.38.0 - Intel) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java™ SE Development Kit 6 Update 43 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160430}) (Version: 1.6.0.430 - Oracle)
Jing (HKLM\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Just Cause 2 (HKLM\...\Steam App 8190) (Version:  - Avalanche Studios)
JustCloud  (HKLM\...\JustCloud) (Version:  - JDi Backup Ltd)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.4.0.2 - QFX Software Corporation)
Last.fm Scrobbler 2.1.35 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
Macromedia Dreamweaver MX 2004 (HKLM\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0.1 - Macromedia)
Macromedia Extension Manager (HKLM\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project 2003 Step by Step (HKLM\...\InstallShield_{5F107B2C-7288-4F86-95BE-9A9C2309292E}) (Version: 1.25.0001 - Microsoft Press)
Microsoft Office Project 2003 Step by Step (Version: 1.25.0001 - Microsoft Press) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual Basic PowerPacks 10.0 (HKLM\...\{85317F07-8719-36EF-B19E-B196F383D0F3}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 30.0 (x86 en-GB)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1342 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
NYKO Gamepad Mapping Tools 2.0.0 (HKLM\...\NYKO Gamepad Mapping Tools_is1) (Version:  - NYKO Technologies, Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM\...\{EA1DC8F8-C357-44CA-A332-AB9762DF698C}) (Version: 4.00.9702 - Apache Software Foundation)
OpenProj (HKLM\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Orb Runtime libraries (Version: 1.0.0 - Orb Networks, Inc.) Hidden
OverDrive Media Console (HKLM\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Papers, Please (HKLM\...\{428CF694-7D31-4C42-8F7D-7187F5EF6937}) (Version: 1.1.65 - 3909 LLC)
PDFtypewriter Printer Driver (HKLM\...\PDFtypewriter Printer Driver) (Version:  - )
PDFtypewriter with PDF Printer Driver (HKLM\...\{BF971496-2A24-454E-9535-0E82DEF89D8B}) (Version: 6.0.1290.0 - CTdeveloping, LLC)
Print To Go 1.0 (HKLM\...\{330276BC-26CE-4204-AB25-A7517681198F}) (Version: 1.0.143.0 - Research In Motion)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
PRS-500 USB driver (HKLM\...\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}) (Version: 1.0.00.08110 - Sony)
Python 2.7.8 (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (Version: 3.5.1307.109 - Trusteer) Hidden
Reader Library by Sony (HKLM\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony Corporation)
Realistic Colors and Real Nights 2.1 - HDR Edition - (HKLM\...\Realistic Colors and Real Nights 2.1 - HDR Edition -) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recruitment Viewer 0.9 (HKLM\...\Recruitment Viewer_is1) (Version:  - EuropaBarbarorum)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rome - Total War - Gold Edition (HKLM\...\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}) (Version: 1.6 - The Creative Assembly)
RunAlyzer (HKLM\...\{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1) (Version: 1.6.1.24 - Safer Networking Limited)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 3.51.09 (HKLM\...\Sandboxie) (Version:  - )
SecondLife (remove only) (HKLM\...\SecondLife) (Version:  - )
Secunia PSI (3.0.0.6001) (HKLM\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.7.12055 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{7E052F74-10A7-42E7-84EB-01C172F5AB5D}) (Version: 2.2.28413 - SlimWare Utilities, Inc.)
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Splashtop Streamer (HKLM\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 2.1.5.2 - Splashtop Inc.)
Splashtop Streamer (Version: 2.1.5.2 - Splashtop Inc.) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
The Elder Scrolls IV: Oblivion - Game of the Year Edition (HKLM\...\Steam App 22330) (Version:  - Bethesda Softworks)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Walking Dead (HKLM\...\Steam App 207610) (Version:  - )
The Witcher Enhanced Edition Director's Cut (HKLM\...\The Witcher Enhanced Edition Director's Cut_is1) (Version:  - GOG.com)
ThuumicShouter version 1.94.2 Open Beta (HKLM\...\{C9C550CB-2390-410E-883F-3BE147D64143}_is1) (Version: 1.94.2 Open Beta - DeadlyHamster)
Time Gentlemen, Please! (HKLM\...\Steam App 37400) (Version:  - Zombie Cow)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Tropico 3 1.00 (HKLM\...\Tropico3) (Version: 1.00 - Kalypso Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Utility (Version: 1.00.0002 - ASUSTek) Hidden
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Verification Engine (HKLM\...\Verification Engine) (Version: 2.7.0.37 - Comodo Inc)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual Studio C++ 9.0 Runtime (HKLM\...\{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}) (Version: 1.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
What To Do Task Manager (HKLM\...\What To Do) (Version:  - )
Windows Driver Package - LeapFrog (FlyUsb) USB  (06/15/2007 1.0.0.6) (HKLM\...\0E5906722E3ECA13747F1633D3F55E9F47120424) (Version: 06/15/2007 1.0.0.6 - LeapFrog)
Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080) (HKLM\...\75070B1806113224B16C70296B90DD1AD8A53479) (Version: 08/08/2006 1.0.03.08080 - Sony Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wise Care 365 3.18 (HKLM\...\Wise Care 365_is1) (Version: 3.18 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.27 (HKLM\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.27 - WiseCleaner.com, Inc.)
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - XviD Development Team)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\JFK\AppData\Local\Citrix\ICA Client\Wfica.ocx (Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\JFK\AppData\Local\Citrix\ICA Client\Wfica.ocx (Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\JFK\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\JFK\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
02-07-2014 12:17:05 Scheduled Checkpoint
03-07-2014 11:35:32 Scheduled Checkpoint
04-07-2014 09:39:37 Scheduled Checkpoint
05-07-2014 09:43:24 Scheduled Checkpoint
08-07-2014 08:22:15 Scheduled Checkpoint
08-07-2014 10:10:19 Windows Update
09-07-2014 09:10:48 Scheduled Checkpoint
10-07-2014 07:56:28 Windows Update
11-07-2014 09:48:56 Scheduled Checkpoint
12-07-2014 11:10:07 Scheduled Checkpoint
13-07-2014 19:49:34 Scheduled Checkpoint
14-07-2014 11:45:16 Scheduled Checkpoint
15-07-2014 08:56:39 Windows Update
16-07-2014 12:38:17 Scheduled Checkpoint
17-07-2014 09:44:15 Scheduled Checkpoint
18-07-2014 09:05:40 Windows Update
19-07-2014 09:02:10 Installed Java 7 Update 65
19-07-2014 11:33:54 Installed Python 2.7.8
20-07-2014 16:14:07 Scheduled Checkpoint
21-07-2014 12:15:54 Scheduled Checkpoint
22-07-2014 09:52:18 Windows Update
24-07-2014 11:45:49 Created by Wise Care 365
24-07-2014 13:34:24 Windows Update
28-07-2014 12:36:20 Scheduled Checkpoint
30-07-2014 17:00:29 Windows Update
31-07-2014 13:03:13 Scheduled Checkpoint
01-08-2014 10:03:28 Scheduled Checkpoint
07-08-2014 16:23:01 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 11:23 - 2014-03-19 19:06 - 00451967 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01B3B270-FF3D-4303-A5DB-5D5F194DCD9D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2634342593-3981813573-3578531822-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {19F9CAAE-46ED-4A64-8119-7D6E2FAF2C43} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2634342593-3981813573-3578531822-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2855F7B9-56D4-449C-9661-62C0B725513D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CB2AAEC-3F66-4A55-92C5-E17B5FB9DFBF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3F4A8945-1DEB-44B2-A414-DA14962919FC} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - JFK => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5CED1D65-13D9-4EDB-866C-CDEC30E36F1A} - System32\Tasks\SUPERAntiSpyware Scheduled Task 666996bc-a665-4e05-a6ed-7cb23f39b03c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {5F70F247-38B8-4D57-A1AF-2D0BE94979CD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2634342593-3981813573-3578531822-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {9246DC4A-586A-41DF-B6B5-67456E06770F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
Task: {9616D847-A0AB-458D-861C-AEB8E200B419} - System32\Tasks\LaunchApp => C:\Program Files\JustCloud\JustCloud.exe [2014-03-14] (JustCloud.com)
Task: {977C7FB1-AB56-4EAD-9CC0-6A36EEC3B322} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9FE52D87-7CE9-432A-9C50-D387A06CCB3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001Core => C:\Users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {A2D6EF40-D4C3-4CE9-AEDA-F13950250303} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {AE48177B-4A92-445E-B419-339D7C6FCAED} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {B4ACA96D-7C96-45CA-A9BB-BF061573F0DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {BB9514F8-FDC6-4589-84AD-876105F30DB8} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3e19ded3-544d-421c-9e5c-148012ec5f13 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {BD098CF4-C82E-4AA1-9DF4-05C51766B9E0} - System32\Tasks\G2MUpdateTask-S-1-5-21-2634342593-3981813573-3578531822-1001 => C:\Users\JFK\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-05-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DA79172A-1FF6-4E1F-B72D-44325E05F888} - System32\Tasks\Wise Turbo Checker => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe [2014-07-07] (WiseCleaner.COM)
Task: {E49BA274-5D69-4329-9C87-4CFD50192FD2} - System32\Tasks\hpUtility.exe_{FCF54B5B-EF1A-4479-8C32-C97C80782FBF} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUtility.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EF1BE028-AD9A-415D-9DDE-415DD9E66A82} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001UA => C:\Users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {F2174F7B-A1D7-4A86-9BE7-09114FF2F8DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
Task: {F5AC2529-3A20-4CB1-8BB0-745D1C9CD5F4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2634342593-3981813573-3578531822-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {FF365DA7-1152-460B-9F4C-A659107FE496} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-01-22] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2634342593-3981813573-3578531822-1001.job => C:\Users\JFK\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001Core.job => C:\Users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001UA.job => C:\Users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3e19ded3-544d-421c-9e5c-148012ec5f13.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 666996bc-a665-4e05-a6ed-7cb23f39b03c.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{1175A0CD-D8BD-4EF8-80AA-7ED728BE773B}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{EF3E54CE-B3BB-4EDF-B84B-61E857CBEDF6}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-08-13 20:40 - 2006-11-30 17:24 - 00086016 _____ () C:\Windows\System32\custmon32.dll
2009-07-27 12:13 - 2009-07-27 12:13 - 00061440 _____ () C:\Windows\System32\ASDR.exe
2011-03-27 21:11 - 2011-03-27 21:11 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2008-03-03 22:12 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2014-03-14 15:06 - 2014-03-14 15:06 - 00012288 _____ () C:\Program Files\JustCloud\GetText.dll
2014-03-14 15:00 - 2014-03-14 15:00 - 00904704 _____ () C:\Program Files\JustCloud\x86\System.Data.SQLite.dll
2007-02-28 19:34 - 2007-02-28 19:34 - 00643142 _____ () C:\Program Files\ASUS\SmartDoctor\aticlocklib.dll
2007-03-13 17:46 - 2007-03-13 17:46 - 00007168 _____ () C:\Program Files\ASUS\SmartDoctor\VOV32.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Users\JFK\AppData\Roaming\Trusteer\Rapport\app\bin\js32.dll
2012-05-20 12:04 - 2014-07-02 10:51 - 01404120 _____ () C:\Users\JFK\AppData\Roaming\Trusteer\Rapport\user\store\exts\RapportMS\baseline\RapportMS.dll
2014-07-18 10:54 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 10:54 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 10:54 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-18 10:54 - 2014-07-15 10:24 - 14664008 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0F8F5844
AlternateDataStreams: C:\ProgramData\TEMP:5BB923A2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KL1 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kl2 => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher S.lnk.disabled => C:\Windows\pss\Exif Launcher S.lnk.disabled.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => 
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/07/2014 05:19:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (08/07/2014 05:19:01 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (08/01/2014 09:37:41 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (08/01/2014 09:37:40 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (07/30/2014 08:40:46 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=A85B70AE6D6945FE9AB1493D2CFE19C3;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\537fb1e9-b815-458a-9ca7-bb6db6e5dd39.dmp
 
Error: (07/30/2014 05:55:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (07/30/2014 05:55:58 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (07/28/2014 03:26:45 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{C5B17238-4009-4B25-BF3D-6216585A51F8}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (07/28/2014 00:10:18 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (07/28/2014 00:10:17 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
 
System errors:
=============
Error: (04/09/2009 00:19:04 AM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: \Device\HarddiskVolume1...E-2F59FD8FCD48}
 
Error: (04/07/2009 07:17:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OMCI
 
Error: (04/07/2009 07:17:34 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (04/07/2009 10:42:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OMCI
 
Error: (04/07/2009 10:42:30 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (04/07/2009 07:54:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OMCI
 
Error: (04/07/2009 07:54:15 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (04/06/2009 11:35:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OMCI
 
Error: (04/06/2009 11:34:40 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (04/06/2009 08:47:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OMCI
 
 
Microsoft Office Sessions:
=========================
Error: (06/25/2014 05:16:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 31 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/25/2014 05:16:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 18052 seconds with 2040 seconds of active time.  This session ended with a crash.
 
Error: (08/16/2013 03:13:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10942 seconds with 8040 seconds of active time.  This session ended with a crash.
 
Error: (11/03/2012 08:58:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 26180 seconds with 12540 seconds of active time.  This session ended with a crash.
 
Error: (04/03/2011 03:24:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/28/2011 03:04:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/11/2011 11:59:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2011 08:24:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-07 17:38:04.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:04.720
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:04.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:04.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:03.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:03.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:03.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:02.926
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:37:33.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:37:33.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 64%
Total physical RAM: 3069.22 MB
Available physical RAM: 1080.1 MB
Total Pagefile: 6363.41 MB
Available Pagefile: 4253.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:596.18 GB) (Free:141.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 88036AA8)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:5-08-2014
Ran by James at 2014-08-07 17:38:23
Running from C:\Users\JFK\scan
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: 1.1.0.0 - TEAC)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.99 - NOS Microsystems Ltd.)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Airytec Switch Off (HKLM\...\Airytec Switch Off) (Version: 3.4.1 - Airytec)
Anki (HKLM\...\Anki) (Version:  - )
AppInventor Setup (HKLM\...\AppInventor Setup) (Version: 2.2 - Massachusetts Institute of Technology)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression for Kodak (HKLM\...\{9B260944-746E-4966-8918-0F9636930456}) (Version: 2.0.24.1216 - ArcSoft)
ASUS nVidia Driver (Version: 1.00.0000 - ASUSTek) Hidden
ASUS Smart Doctor (HKLM\...\InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}) (Version: 5.80 - ASUSTek COMPUTER INC.)
ASUS Smart Doctor (Version: 5.80 - ASUSTek COMPUTER INC.) Hidden
Beyond Good and Evil (HKLM\...\Beyond Good and Evil_is1) (Version:  - GOG.com)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Manager 7.0 (HKLM\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)
BlackBerry Device Manager 7.0 (Version: 7.0.0.40 - Research In Motion Ltd.) Hidden
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Botanicula (HKLM\...\Botanicula) (Version: 1.0 - Amanita Design, s.r.o.)
calibre (HKLM\...\{4A3FCC59-5231-4634-882C-BF8B511392C5}) (Version: 0.9.5 - Kovid Goyal)
Call of Duty® - World at War™ (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.4 - Activision)
Call of Duty® - World at War™ (Version: 1.0 - Activision) Hidden
Call of Duty® - World at War™ 1.1 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.1 Patch (Version: 1.1 - Activision) Hidden
Call of Duty® - World at War™ 1.2 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.2 Patch (Version: 1.2 - Activision) Hidden
Call of Duty® - World at War™ 1.3 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.3 Patch (Version: 1.3 - Activision) Hidden
Call of Duty® - World at War™ 1.4 Patch (Version:  - ) Hidden
Call of Duty® - World at War™ 1.4 Patch (Version: 1.4 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Citrix XenApp Web Plugin (HKLM\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version:  - )
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
dj_sf_software_req (Version: 90.0.235.000 - Hewlett-Packard) Hidden
Downloader (HKLM\...\Downloader) (Version:  - )
Dragon Age: Origins (HKLM\...\Steam App 17450) (Version:  - BioWare)
Dual-Core Optimizer (HKLM\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Empire: Total War (HKLM\...\Steam App 10500) (Version:  - Creative Assembly)
Europa Barbarorum 1.1 (HKLM\...\{9BCAC864-84C0-409F-8D12-364109622D18}_is1) (Version:  - Europa Barbarorum)
Fallout 3 (HKCU\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Ferrari Virtual Race (remove only) (HKLM\...\FerrariVR) (Version:  - )
FileZilla Client 3.4.0 (HKLM\...\FileZilla Client) (Version: 3.4.0 - )
Fraps (HKLM\...\Fraps) (Version:  - )
Freemake Video Converter version 4.1.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Freemote Control Server (HKLM\...\Freemote Control Server) (Version: 1.3.3 - Accentual Software)
FUJIFILM FinePixViewer S Ver.2.1 (HKLM\...\{88B32652-CAE0-4909-A463-5840D2689D93}) (Version: 2.1.0.3 - FUJIFILM Corporation)
Glary Registry Repair 3.3.0.852 (HKLM\...\Glary Registry Repair_is1) (Version:  - GlarySoft.com)
Glary Utilities 2.54.0.1759 (HKLM\...\Glary Utilities_is1) (Version: 2.54.0.1759 - Glarysoft Ltd)
Gone Home (HKLM\...\GoneHome) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Deskjet Printer Driver Software 9.0 (HKLM\...\{E0C18BB0-32CA-4679-B422-9B9FA825378F}) (Version: 9.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.11182 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Network Connections 12.4.38.0 (HKLM\...\PROSetDX) (Version: 12.4.38.0 - Intel)
Intel® Network Connections 12.4.38.0 (Version: 12.4.38.0 - Intel) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java™ SE Development Kit 6 Update 43 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160430}) (Version: 1.6.0.430 - Oracle)
Jing (HKLM\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Just Cause 2 (HKLM\...\Steam App 8190) (Version:  - Avalanche Studios)
JustCloud  (HKLM\...\JustCloud) (Version:  - JDi Backup Ltd)
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.4.0.2 - QFX Software Corporation)
Last.fm Scrobbler 2.1.35 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
Macromedia Dreamweaver MX 2004 (HKLM\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0.1 - Macromedia)
Macromedia Extension Manager (HKLM\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project 2003 Step by Step (HKLM\...\InstallShield_{5F107B2C-7288-4F86-95BE-9A9C2309292E}) (Version: 1.25.0001 - Microsoft Press)
Microsoft Office Project 2003 Step by Step (Version: 1.25.0001 - Microsoft Press) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual Basic PowerPacks 10.0 (HKLM\...\{85317F07-8719-36EF-B19E-B196F383D0F3}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 30.0 (x86 en-GB)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1342 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
NYKO Gamepad Mapping Tools 2.0.0 (HKLM\...\NYKO Gamepad Mapping Tools_is1) (Version:  - NYKO Technologies, Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM\...\{EA1DC8F8-C357-44CA-A332-AB9762DF698C}) (Version: 4.00.9702 - Apache Software Foundation)
OpenProj (HKLM\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Orb Runtime libraries (Version: 1.0.0 - Orb Networks, Inc.) Hidden
OverDrive Media Console (HKLM\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Papers, Please (HKLM\...\{428CF694-7D31-4C42-8F7D-7187F5EF6937}) (Version: 1.1.65 - 3909 LLC)
PDFtypewriter Printer Driver (HKLM\...\PDFtypewriter Printer Driver) (Version:  - )
PDFtypewriter with PDF Printer Driver (HKLM\...\{BF971496-2A24-454E-9535-0E82DEF89D8B}) (Version: 6.0.1290.0 - CTdeveloping, LLC)
Print To Go 1.0 (HKLM\...\{330276BC-26CE-4204-AB25-A7517681198F}) (Version: 1.0.143.0 - Research In Motion)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
PRS-500 USB driver (HKLM\...\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}) (Version: 1.0.00.08110 - Sony)
Python 2.7.8 (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (Version: 3.5.1307.109 - Trusteer) Hidden
Reader Library by Sony (HKLM\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony Corporation)
Realistic Colors and Real Nights 2.1 - HDR Edition - (HKLM\...\Realistic Colors and Real Nights 2.1 - HDR Edition -) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recruitment Viewer 0.9 (HKLM\...\Recruitment Viewer_is1) (Version:  - EuropaBarbarorum)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rome - Total War - Gold Edition (HKLM\...\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}) (Version: 1.6 - The Creative Assembly)
RunAlyzer (HKLM\...\{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1) (Version: 1.6.1.24 - Safer Networking Limited)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 3.51.09 (HKLM\...\Sandboxie) (Version:  - )
SecondLife (remove only) (HKLM\...\SecondLife) (Version:  - )
Secunia PSI (3.0.0.6001) (HKLM\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.7.12055 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{7E052F74-10A7-42E7-84EB-01C172F5AB5D}) (Version: 2.2.28413 - SlimWare Utilities, Inc.)
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Splashtop Streamer (HKLM\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 2.1.5.2 - Splashtop Inc.)
Splashtop Streamer (Version: 2.1.5.2 - Splashtop Inc.) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
The Elder Scrolls IV: Oblivion - Game of the Year Edition (HKLM\...\Steam App 22330) (Version:  - Bethesda Softworks)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Walking Dead (HKLM\...\Steam App 207610) (Version:  - )
The Witcher Enhanced Edition Director's Cut (HKLM\...\The Witcher Enhanced Edition Director's Cut_is1) (Version:  - GOG.com)
ThuumicShouter version 1.94.2 Open Beta (HKLM\...\{C9C550CB-2390-410E-883F-3BE147D64143}_is1) (Version: 1.94.2 Open Beta - DeadlyHamster)
Time Gentlemen, Please! (HKLM\...\Steam App 37400) (Version:  - Zombie Cow)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Tropico 3 1.00 (HKLM\...\Tropico3) (Version: 1.00 - Kalypso Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Utility (Version: 1.00.0002 - ASUSTek) Hidden
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Verification Engine (HKLM\...\Verification Engine) (Version: 2.7.0.37 - Comodo Inc)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual Studio C++ 9.0 Runtime (HKLM\...\{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}) (Version: 1.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
What To Do Task Manager (HKLM\...\What To Do) (Version:  - )
Windows Driver Package - LeapFrog (FlyUsb) USB  (06/15/2007 1.0.0.6) (HKLM\...\0E5906722E3ECA13747F1633D3F55E9F47120424) (Version: 06/15/2007 1.0.0.6 - LeapFrog)
Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080) (HKLM\...\75070B1806113224B16C70296B90DD1AD8A53479) (Version: 08/08/2006 1.0.03.08080 - Sony Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wise Care 365 3.18 (HKLM\...\Wise Care 365_is1) (Version: 3.18 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.27 (HKLM\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.27 - WiseCleaner.com, Inc.)
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - XviD Development Team)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\JFK\AppData\Local\Citrix\ICA Client\Wfica.ocx (Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\JFK\AppData\Local\Citrix\ICA Client\Wfica.ocx (Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\JFK\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\JFK\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2634342593-3981813573-3578531822-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\JFK\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
02-07-2014 12:17:05 Scheduled Checkpoint
03-07-2014 11:35:32 Scheduled Checkpoint
04-07-2014 09:39:37 Scheduled Checkpoint
05-07-2014 09:43:24 Scheduled Checkpoint
08-07-2014 08:22:15 Scheduled Checkpoint
08-07-2014 10:10:19 Windows Update
09-07-2014 09:10:48 Scheduled Checkpoint
10-07-2014 07:56:28 Windows Update
11-07-2014 09:48:56 Scheduled Checkpoint
12-07-2014 11:10:07 Scheduled Checkpoint
13-07-2014 19:49:34 Scheduled Checkpoint
14-07-2014 11:45:16 Scheduled Checkpoint
15-07-2014 08:56:39 Windows Update
16-07-2014 12:38:17 Scheduled Checkpoint
17-07-2014 09:44:15 Scheduled Checkpoint
18-07-2014 09:05:40 Windows Update
19-07-2014 09:02:10 Installed Java 7 Update 65
19-07-2014 11:33:54 Installed Python 2.7.8
20-07-2014 16:14:07 Scheduled Checkpoint
21-07-2014 12:15:54 Scheduled Checkpoint
22-07-2014 09:52:18 Windows Update
24-07-2014 11:45:49 Created by Wise Care 365
24-07-2014 13:34:24 Windows Update
28-07-2014 12:36:20 Scheduled Checkpoint
30-07-2014 17:00:29 Windows Update
31-07-2014 13:03:13 Scheduled Checkpoint
01-08-2014 10:03:28 Scheduled Checkpoint
07-08-2014 16:23:01 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 11:23 - 2014-03-19 19:06 - 00451967 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01B3B270-FF3D-4303-A5DB-5D5F194DCD9D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2634342593-3981813573-3578531822-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {19F9CAAE-46ED-4A64-8119-7D6E2FAF2C43} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2634342593-3981813573-3578531822-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2855F7B9-56D4-449C-9661-62C0B725513D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CB2AAEC-3F66-4A55-92C5-E17B5FB9DFBF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3F4A8945-1DEB-44B2-A414-DA14962919FC} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - JFK => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5CED1D65-13D9-4EDB-866C-CDEC30E36F1A} - System32\Tasks\SUPERAntiSpyware Scheduled Task 666996bc-a665-4e05-a6ed-7cb23f39b03c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {5F70F247-38B8-4D57-A1AF-2D0BE94979CD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2634342593-3981813573-3578531822-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {9246DC4A-586A-41DF-B6B5-67456E06770F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
Task: {9616D847-A0AB-458D-861C-AEB8E200B419} - System32\Tasks\LaunchApp => C:\Program Files\JustCloud\JustCloud.exe [2014-03-14] (JustCloud.com)
Task: {977C7FB1-AB56-4EAD-9CC0-6A36EEC3B322} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9FE52D87-7CE9-432A-9C50-D387A06CCB3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001Core => C:\Users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {A2D6EF40-D4C3-4CE9-AEDA-F13950250303} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {AE48177B-4A92-445E-B419-339D7C6FCAED} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {B4ACA96D-7C96-45CA-A9BB-BF061573F0DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {BB9514F8-FDC6-4589-84AD-876105F30DB8} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3e19ded3-544d-421c-9e5c-148012ec5f13 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {BD098CF4-C82E-4AA1-9DF4-05C51766B9E0} - System32\Tasks\G2MUpdateTask-S-1-5-21-2634342593-3981813573-3578531822-1001 => C:\Users\JFK\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-05-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DA79172A-1FF6-4E1F-B72D-44325E05F888} - System32\Tasks\Wise Turbo Checker => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe [2014-07-07] (WiseCleaner.COM)
Task: {E49BA274-5D69-4329-9C87-4CFD50192FD2} - System32\Tasks\hpUtility.exe_{FCF54B5B-EF1A-4479-8C32-C97C80782FBF} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUtility.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EF1BE028-AD9A-415D-9DDE-415DD9E66A82} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001UA => C:\Users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {F2174F7B-A1D7-4A86-9BE7-09114FF2F8DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
Task: {F5AC2529-3A20-4CB1-8BB0-745D1C9CD5F4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2634342593-3981813573-3578531822-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {FF365DA7-1152-460B-9F4C-A659107FE496} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-01-22] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2634342593-3981813573-3578531822-1001.job => C:\Users\JFK\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001Core.job => C:\Users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001UA.job => C:\Users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3e19ded3-544d-421c-9e5c-148012ec5f13.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 666996bc-a665-4e05-a6ed-7cb23f39b03c.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{1175A0CD-D8BD-4EF8-80AA-7ED728BE773B}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{EF3E54CE-B3BB-4EDF-B84B-61E857CBEDF6}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-08-13 20:40 - 2006-11-30 17:24 - 00086016 _____ () C:\Windows\System32\custmon32.dll
2009-07-27 12:13 - 2009-07-27 12:13 - 00061440 _____ () C:\Windows\System32\ASDR.exe
2011-03-27 21:11 - 2011-03-27 21:11 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2008-03-03 22:12 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2014-03-14 15:06 - 2014-03-14 15:06 - 00012288 _____ () C:\Program Files\JustCloud\GetText.dll
2014-03-14 15:00 - 2014-03-14 15:00 - 00904704 _____ () C:\Program Files\JustCloud\x86\System.Data.SQLite.dll
2007-02-28 19:34 - 2007-02-28 19:34 - 00643142 _____ () C:\Program Files\ASUS\SmartDoctor\aticlocklib.dll
2007-03-13 17:46 - 2007-03-13 17:46 - 00007168 _____ () C:\Program Files\ASUS\SmartDoctor\VOV32.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Users\JFK\AppData\Roaming\Trusteer\Rapport\app\bin\js32.dll
2012-05-20 12:04 - 2014-07-02 10:51 - 01404120 _____ () C:\Users\JFK\AppData\Roaming\Trusteer\Rapport\user\store\exts\RapportMS\baseline\RapportMS.dll
2014-07-18 10:54 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 10:54 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 10:54 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-18 10:54 - 2014-07-15 10:24 - 14664008 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0F8F5844
AlternateDataStreams: C:\ProgramData\TEMP:5BB923A2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KL1 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kl2 => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher S.lnk.disabled => C:\Windows\pss\Exif Launcher S.lnk.disabled.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => 
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/07/2014 05:19:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (08/07/2014 05:19:01 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (08/01/2014 09:37:41 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (08/01/2014 09:37:40 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (07/30/2014 08:40:46 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=A85B70AE6D6945FE9AB1493D2CFE19C3;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\537fb1e9-b815-458a-9ca7-bb6db6e5dd39.dmp
 
Error: (07/30/2014 05:55:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (07/30/2014 05:55:58 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (07/28/2014 03:26:45 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{C5B17238-4009-4B25-BF3D-6216585A51F8}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (07/28/2014 00:10:18 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (07/28/2014 00:10:17 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
 
System errors:
=============
Error: (04/09/2009 00:19:04 AM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: \Device\HarddiskVolume1...E-2F59FD8FCD48}
 
Error: (04/07/2009 07:17:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OMCI
 
Error: (04/07/2009 07:17:34 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (04/07/2009 10:42:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OMCI
 
Error: (04/07/2009 10:42:30 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (04/07/2009 07:54:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OMCI
 
Error: (04/07/2009 07:54:15 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (04/06/2009 11:35:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OMCI
 
Error: (04/06/2009 11:34:40 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (04/06/2009 08:47:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OMCI
 
 
Microsoft Office Sessions:
=========================
Error: (06/25/2014 05:16:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 31 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/25/2014 05:16:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 18052 seconds with 2040 seconds of active time.  This session ended with a crash.
 
Error: (08/16/2013 03:13:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10942 seconds with 8040 seconds of active time.  This session ended with a crash.
 
Error: (11/03/2012 08:58:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 26180 seconds with 12540 seconds of active time.  This session ended with a crash.
 
Error: (04/03/2011 03:24:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/28/2011 03:04:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/11/2011 11:59:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2011 08:24:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-07 17:38:04.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:04.720
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:04.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:04.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:03.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:03.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:03.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:38:02.926
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:37:33.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-07 17:37:33.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 64%
Total physical RAM: 3069.22 MB
Available physical RAM: 1080.1 MB
Total Pagefile: 6363.41 MB
Available Pagefile: 4253.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:596.18 GB) (Free:141.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 88036AA8)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

#6 jfkyle

Posted 07 August 2014 - 12:02 PM

And finally here is DDS.txt
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.19543  BrowserJavaVersion: 10.65.2
Run by James at 17:51:42 on 2014-08-07
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3069.854 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall *Enabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\ASDR.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\JFK\AppData\Roaming\Trusteer\Rapport\app\bin\RapportService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.co.uk/
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Comodo VerificationEngine: {A968A4B4-C492-4834-B651-17602C3885C8} - c:\program files\comodo\vengine\VEngineIE32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - 
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
mRunOnce: [*WerKernelReporting] c:\windows\system32\WerFault.exe -k -rq
StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\justcl~1.lnk - c:\program files\justcloud\JustCloud.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aistar~1.lnk - c:\program files\appinventor\aiStarter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{0BD908FC-2358-436C-AF80-163E86116CB5} : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{61257433-E94A-4A86-A40F-7CD8F2C424BA} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\james\appdata\roaming\mozilla\firefox\profiles\8ctv2k1p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - www.yahoo.co.uk
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\downloader\npdd.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1209149.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 08:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.zonealarm.autoRvrt, false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=b1ce0f70202b4ad997e3e874b932418d&tu=10Go800762B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - ae54415f000000000000001d09233713
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15780
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1612:20:48
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1042
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN117234483140550-1042
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2013-4-4 102728]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2013-4-14 130568]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-3-14 238952]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-21 1809720]
R2 PFNet;Privacyware network service;c:\program files\privacyware\privatefirewall 7.0\pfsvc.exe [2013-12-17 374600]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-8-31 1153368]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-11-26 659040]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-3-19 3289208]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-14 36608]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [2013-8-16 33280]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-3-15 209016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-16 23256]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-12-27 125672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-21 860472]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 WiseBootAssistant;Wise Boot Assistant;c:\program files\wise\wise care 365\BootTime.exe [2012-11-30 580232]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2014-4-13 1763584]
S3 Blackberry Device Manager;BlackBerry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-1-18 577536]
S3 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2008-8-9 73464]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-4-9 25832]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-9-29 19456]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-7-21 51928]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-9-20 21504]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-11-26 1225312]
S3 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-11-5 548264]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-3-14 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-3-14 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-3-14 123648]
S3 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-4-7 13464]
S3 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
S3 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [2011-1-7 23480]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-08-07 16:33:46 -------- d-----w- C:\FRST
2014-08-07 16:24:15 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c274d4f3-ec78-4673-bd93-0aba2ccdd0e5}\mpengine.dll
2014-07-21 10:52:53 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-21 10:52:22 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-21 10:52:22 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-21 10:52:22 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-19 11:42:56 -------- d-----w- C:\Python27
2014-07-19 11:31:07 46704 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-07-19 11:31:05 822384 ----a-w- c:\program files\mozilla firefox\icuuc52.dll
2014-07-19 11:31:05 10594416 ----a-w- c:\program files\mozilla firefox\icudt52.dll
2014-07-19 11:31:05 1022576 ----a-w- c:\program files\mozilla firefox\icuin52.dll
2014-07-19 10:06:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2014-07-09 13:03:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 13:03:13 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-30 15:03:52 2454016 ----a-w- c:\windows\system32\python27.dll
2014-06-07 00:19:04 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-28 07:08:29 916992 ----a-w- c:\windows\system32\wininet.dll
2014-05-28 07:03:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-05-28 07:02:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-28 07:02:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2014-05-28 07:02:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-05-28 07:00:35 18944 ----a-w- c:\windows\system32\corpol.dll
2014-05-28 05:26:56 385024 ----a-w- c:\windows\system32\html.iec
2014-05-28 03:44:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-28 03:42:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-13 16:45:58 6103040 ----a-w- c:\program files\GUT9FF.tmp
2014-05-12 06:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 17:52:05.12 ===============


#7 bloopie

Posted 08 August 2014 - 06:16 PM

Hello again,
 
Good to see you back! :)
 
Let's run these steps first:

Step 1

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Attached File  fixlist.txt   1.8KB   1 downloads
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

==========

Step 2

I see you have Malwarebytes Antimalware (aka MBAM) installed. Please update the program, run a quick/hyper scan, and post the resultant log in your next reply!

==========

In your next reply, please post both requested logs and let me know how the machine is running now!

bloopie



#8 jfkyle

Posted 10 August 2014 - 08:20 AM

At the moment everything is running fine. Of course that is the challenge with an intermittent error - it is difficult to know if it has gone away for good. Anyway, the MBAM scan came up with no errors. Logs below.

Thanks

James

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:10-08-2014
Ran by James at 2014-08-10 13:58:02 Run:1
Running from C:\Users\JFK\scan
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2634342593-3981813573-3578531822-1000\...\MountPoints2: {82b4a83d-fc3a-11dc-b3ab-001d09233713} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\MountPoints2: {46212b4f-1ace-11e2-ac9d-001d09233713} - J:\MI.exe
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\MountPoints2: {4a545623-2563-11e1-aed1-001d09233713} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\drivers\setup.exe
HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\...\MountPoints2: {82b4a83d-fc3a-11dc-b3ab-001d09233713} - K:\LaunchU3.exe -a
SearchScopes: HKCU - DefaultScope {39E91394-EAAB-4753-A4FC-41580CE03F5A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {210073B5-670D-4ABE-A7CB-83EDBC77BF35} URL = http://search.orbitdownloader.com/ie.php?q={searchTerms}&enc={inputEncoding}
SearchScopes: HKCU - {39E91394-EAAB-4753-A4FC-41580CE03F5A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {6ABFB2C8-18E6-4f4c-B349-A13CECF8B438} URL = http://search.speedbit.com/searchresults.asp?src=default&q={searchTerms}
S3 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [548264 2012-11-05] (Splashtop Inc.)
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
S3 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-15] (Splashtop Inc.)
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Users\James\cc_20080816_1454.reg
C:\Users\James\cc_20110318_1624.reg
C:\Users\James\cc_20111016_1204.reg
C:\Users\James\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe
C:\Users\James\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\James\AppData\Local\Temp\VSUSetup.exe
 
*****************
 
"HKU\S-1-5-21-2634342593-3981813573-3578531822-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82b4a83d-fc3a-11dc-b3ab-001d09233713}" => Key deleted successfully.
"HKCR\CLSID\{82b4a83d-fc3a-11dc-b3ab-001d09233713}" => Key not found.
"HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46212b4f-1ace-11e2-ac9d-001d09233713}" => Key deleted successfully.
"HKCR\CLSID\{46212b4f-1ace-11e2-ac9d-001d09233713}" => Key not found.
"HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a545623-2563-11e1-aed1-001d09233713}" => Key deleted successfully.
"HKCR\CLSID\{4a545623-2563-11e1-aed1-001d09233713}" => Key not found.
"HKU\S-1-5-21-2634342593-3981813573-3578531822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82b4a83d-fc3a-11dc-b3ab-001d09233713}" => Key deleted successfully.
"HKCR\CLSID\{82b4a83d-fc3a-11dc-b3ab-001d09233713}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{210073B5-670D-4ABE-A7CB-83EDBC77BF35}" => Key deleted successfully.
"HKCR\CLSID\{210073B5-670D-4ABE-A7CB-83EDBC77BF35}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39E91394-EAAB-4753-A4FC-41580CE03F5A}" => Key deleted successfully.
"HKCR\CLSID\{39E91394-EAAB-4753-A4FC-41580CE03F5A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6ABFB2C8-18E6-4f4c-B349-A13CECF8B438}" => Key deleted successfully.
"HKCR\CLSID\{6ABFB2C8-18E6-4f4c-B349-A13CECF8B438}" => Key not found.
SplashtopRemoteService => Service deleted successfully.
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe => Moved successfully.
SSUService => Service deleted successfully.
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe => Moved successfully.
C:\Users\James\cc_20080816_1454.reg => Moved successfully.
C:\Users\James\cc_20110318_1624.reg => Moved successfully.
C:\Users\James\cc_20111016_1204.reg => Moved successfully.
C:\Users\James\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\VSUSetup.exe => Moved successfully.
 
==== End of Fixlog ====
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/08/2014
Scan Time: 14:01:16
Logfile: 
Administrator: No
 
Version: 2.00.2.1012
Malware Database: v2014.08.10.03
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: JFK
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 242860
Time Elapsed: 10 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 bloopie

Posted 10 August 2014 - 01:29 PM

Hello again,

Good work! :)
 

"Of course that is the challenge with an intermittent error - it is difficult to know if it has gone away for good."

Very true, but we're here to find out if malware is the culprit of the errors. Once we disprove malware as the problem, then we'll make sure you get to the bottom of the issue in the other main forums of BC! :)

We have removed a couple of malware services in the last script and I was just asking if the machine is still running okay after the removal. :wink:
 
==========
 
Since there were a couple of malware services running on the machine, I'd like to run Combofix (and another tool) to get another log for us to check out:

Step 1

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

Step 2
  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Once the system reboots and you see the Kaspersky TDSSKiller window again, please click "Change Parameters" again, and make sure all boxes are checkboxed!
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
  • Click Reboot computer
  • Please attach the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) to your next reply. Do not copy and paste this log as it can be very long.
bloopie

#10 jfkyle


Posted 12 August 2014 - 06:27 AM

Hi Bloopie

Downloaded Combofix and turned off anti-virus & firewall. Ran it. After about 20 minutes it rebooted the PC, and the run window flashed and moved for several minutes. After this however there was no completion message. NirCmd.3xe was still showing up under running processes but there was no obvious activity. More than an hour after initiating the program I had to make the decision that nothing else was going to happen.

Combofix.txt

ComboFix 14-08-12.01 - James 12/08/2014  11:03:12.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3069.1790 [GMT 1:00]
Running from: C:\Users\JFK\scan\ComboFix.exe
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
In passing, there was one message I noticed where it said it was deleting install.exe from the C drive.

In retrospect there was one thing I thought of. I usually log into an account separate from the admin account and I ran combofix from this account (JFK) not the admin one (James) - perhaps it would have been better to execute from the admin one.

I will not run anything else until I hear back from you.

Can I also follow up on your reference to malware services on my PC? Do you have any more details on that? Was there anything serious that I should worry about with regards to keylogging passwords etc.?

Thanks again

James


#11 bloopie


Posted 12 August 2014 - 08:46 PM

Hello again,

The malicious services that we removed do not have any keylogging or password recovery capabilities, so you don't have to worry about that. :)

==========

However, the Combofix log that you posted is incomplete, and one of the processes that you noticed running was that of Combofix (any process that ends in 3xe is part of Combofix).

Please run CF again, and let it do its thing. This time, give it an hour before stopping it. If you think it may have stalled, check the computer clock...if it is still running, then Combofix is still running...also check the processes, look for any .3xe's...that will also indicate CF is still running. :wink:

Please post the result when finished. You do not need an admin account to run the tool either. The JFK account is fine.

Let me know how it goes! :)

bloopie

#12 jfkyle


Posted 13 August 2014 - 06:02 AM

Combofix log
 
ComboFix 14-08-12.01 - James 12/08/2014  11:03:12.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3069.1790 [GMT 1:00]
Running from: c:\users\JFK\scan\ComboFix.exe
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WiseBootAssistant
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-13 to 2014-08-13  )))))))))))))))))))))))))))))))
.
.
2014-08-12 10:31 . 2014-08-13 10:09 -------- d-----w- c:\users\James\AppData\Local\temp
2014-08-12 10:31 . 2014-08-13 09:58 -------- d-----w- c:\users\JFK\AppData\Local\temp
2014-08-12 10:31 . 2014-08-12 10:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-12 10:31 . 2014-08-12 10:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-08-12 10:31 . 2014-08-12 10:31 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2014-08-07 16:35 . 2014-08-12 09:56 -------- d-----w- c:\users\JFK\scan
2014-08-07 16:33 . 2014-08-10 12:58 -------- d-----w- C:\FRST
2014-07-21 10:52 . 2014-07-28 11:28 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-21 10:52 . 2014-07-21 10:52 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-21 10:52 . 2014-05-12 06:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-21 10:52 . 2014-05-12 06:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-19 11:42 . 2014-07-19 11:44 -------- d-----w- C:\Python27
2014-07-19 11:31 . 2014-06-06 04:39 46704 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2014-07-19 11:31 . 2014-06-06 04:38 822384 ----a-w- c:\program files\Mozilla Firefox\icuuc52.dll
2014-07-19 11:31 . 2014-06-06 04:38 1022576 ----a-w- c:\program files\Mozilla Firefox\icuin52.dll
2014-07-19 11:31 . 2014-06-06 04:38 10594416 ----a-w- c:\program files\Mozilla Firefox\icudt52.dll
2014-07-19 11:23 . 2014-07-19 11:23 -------- d-----w- c:\users\James\AppData\Roaming\Oracle
2014-07-19 10:06 . 2014-07-19 10:06 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-15 14:49 . 2014-07-15 14:49 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 13:03 . 2014-03-13 13:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 13:03 . 2014-03-13 13:11 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-02 03:11 . 2014-08-12 09:38 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D781D777-D64B-4945-B05E-4ACD80CC9298}\mpengine.dll
2014-06-30 15:03 . 2014-06-30 15:03 2454016 ----a-w- c:\windows\system32\python27.dll
2014-06-07 00:19 . 2014-07-09 08:34 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 08:59 . 2014-07-09 08:34 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53 . 2014-07-09 08:34 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-28 07:08 . 2014-07-09 08:34 916992 ----a-w- c:\windows\system32\wininet.dll
2014-05-28 07:03 . 2014-07-09 08:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-05-28 07:02 . 2014-07-09 08:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-28 07:02 . 2014-07-09 08:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2014-05-28 07:02 . 2014-07-09 08:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-05-28 07:00 . 2014-07-09 08:34 18944 ----a-w- c:\windows\system32\corpol.dll
2014-05-28 05:26 . 2014-07-09 08:34 385024 ----a-w- c:\windows\system32\html.iec
2014-05-28 03:44 . 2014-07-09 08:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-28 03:42 . 2014-07-09 08:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-20 10:00 . 2014-05-20 10:00 4320256 ----a-r- c:\users\JFK\AppData\Roaming\Microsoft\Installer\{428CF694-7D31-4C42-8F7D-7187F5EF6937}\PapersPlease.exe
2014-05-13 16:45 . 2014-05-13 16:45 6103040 ----a-w- c:\program files\GUT9FF.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-10 5626136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2014-05-31 508144]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
JustCloud.lnk - c:\program files\JustCloud\JustCloud.exe [2014-3-14 3083304]
.
c:\users\JFK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2ARBVG7205KC;CONNECTION=NW;MONITOR=1; [2006-11-2 44544]
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk.disabled [2013-4-9 1765]
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2008-3-3 1111]
OpenOffice.org 3.0.lnk.disabled [2009-3-1 1028]
OpenOffice.org 3.3.lnk.disabled [2011-2-19 988]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
aiStarter.lnk - c:\program files\AppInventor\aiStarter.exe [2013-12-21 4174279]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher S.lnk.disabled]
backup=c:\windows\pss\Exif Launcher S.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 16:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
"Steam"="c:\program files\Steam\Steam.exe" -silent
"AutoStartNPSAgent"=c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"MyDriveConnect.exe"="c:\program files\MyDrive Connect\MyDriveConnect.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"PDFtypewriterPrinterMonitor"="c:\program files\PDFtypewriter\Printer\PDFtypewriterMonitorStart.exe"
"SigmatelSysTrayApp"=c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Reader Library Launcher"=c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"ArcSoft MediaImpression Monitor"=c:\program files\Kodak\MediaImpression\ArcMonitor.exe
"VEngine"=c:\program files\Comodo\VEngine\VEngine.exe
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"RIMBBLaunchAgent.exe"=c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXMediaServer"=c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ   getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
nosGetPlusHelper REG_MULTI_SZ   nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 09:24 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13 13:03]
.
2014-08-12 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2634342593-3981813573-3578531822-1001.job
- c:\users\JFK\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-05-18 19:03]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-08 19:10]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-08 19:10]
.
2014-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001Core.job
- c:\users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-27 18:59]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2634342593-3981813573-3578531822-1001UA.job
- c:\users\JFK\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-27 18:59]
.
2014-08-12 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-01-22 10:11]
.
2014-03-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3e19ded3-544d-421c-9e5c-148012ec5f13.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-08-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 666996bc-a665-4e05-a6ed-7cb23f39b03c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-08-13 c:\windows\Tasks\User_Feed_Synchronization-{1175A0CD-D8BD-4EF8-80AA-7ED728BE773B}.job
- c:\windows\system32\msfeedssync.exe [2014-07-09 03:42]
.
2014-08-13 c:\windows\Tasks\User_Feed_Synchronization-{EF3E54CE-B3BB-4EDF-B84B-61E857CBEDF6}.job
- c:\windows\system32\msfeedssync.exe [2014-07-09 03:42]
.
2014-08-09 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files\Wise\Wise Care 365\WiseTurbo.exe [2014-07-24 16:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\8ctv2k1p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - www.yahoo.co.uk
FF - ExtSQL: !HIDDEN! 2009-09-02 08:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.zonealarm.autoRvrt, false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=b1ce0f70202b4ad997e3e874b932418d&tu=10Go800762B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - ae54415f000000000000001d09233713
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15780
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1612:20
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1042
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN117234483140550-1042
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2634342593-3981813573-3578531822-1000\Software\SecuROM\License information*]
"datasecu"=hex:46,6b,2b,6b,c1,ac,87,8d,77,f0,3f,00,f7,00,34,79,ce,a1,47,38,5d,
   63,e4,bb,53,15,c6,86,d4,fe,38,fe,9c,9f,1b,6e,9a,a8,3f,d3,72,84,29,37,c7,00,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\System32\ASDR.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Secunia\PSI\sua.exe
c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\windows\system32\STacSV.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Internet Explorer\IELowutil.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\Taskmgr.exe
.
**************************************************************************
.
Completion time: 2014-08-13  11:17:50 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-13 10:17
.
Pre-Run: 153,121,546,240 bytes free
Post-Run: 152,988,045,312 bytes free
.
- - End Of File - - 934FC8760338BD196135E710A17AE5B3
5C616939100B85E558DA92B899A0FC36
 
 
 
Thanks 
 
James


#13 jfkyle


Posted 13 August 2014 - 06:38 AM

Hello again,

Ran TDSS - log attached

Only 1 action: C:\Windows\UpdReg.EXE - copied to quarantine

Just to update you - no recent occurrences of 216 error or blue screens. It looks like the PC is booting faster too.

Thanks

James




#14 bloopie


Posted 13 August 2014 - 06:05 PM

Hello again,
 
Okay, good! :)
 
Although, I must warn you...you did not properly follow my directions when running TDSSKiller. I did not instruct you to quarantine anything! You were instructed to Cure (if available), or Skip, until I've had a chance to look over the detections.

 

If more items had been found, you could have rendered your system unbootable! Please be careful to follow my instructions closely, okay?
 
====================
 
Okay, please run these for me next in the order they are given. If you are unable to do any of the steps, please stop and let me know what happened.

Step 1

We need to run another fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File  fixlist.txt   102bytes   1 downloads
  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

Step 2
 
I'd recommend you uninstall the following programs with Revo.

 

HijackThis is outdated and not used very often anymore, and SuperAntiSpyware is an unnecessary system resource hog.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    HijackThis 2.0.2
    SUPERAntiSpyware
  • When prompted if you want to uninstall click Yes
  • The default option is Moderate, click the Advanced option then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • If you are asked to reboot the machine to complete the uninstall, click NO!
  • Once the program has searched for leftovers click Next
  • If registry entries have been found, click the Select All button
  • This should place checkmarks in the boxes as shown in the image below
    [Image: select-all.png]
  • Click the Delete button to remove the items found
  • When prompted click on Yes and then on Next
  • If any related files or folders are also found, put a check next to all, and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
  • Close the program and Reboot the computer

==========

Step 3

Run a Combofix Script

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy the text in the codebox below, then paste it into the empty notepad:
 

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\8ctv2k1p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

In your next reply, please include the following:

  • The fixlog.txt from FRST
  • Were you successful removing the two programs?
  • The Combofix.txt from Combofix
  • How is the machine running now?

bloopie



#15 jfkyle


Posted 14 August 2014 - 05:22 AM

Hi Bloopie

Comments above noted. I will carry out the latest steps today if possible. If I am to remove superantispyware what recommendations do you have for anti-virus / real time protection / firewall please?

Thanks

James





