
When Chrome is run, fake chrome processes make it disappear


  • This topic is locked
8 replies to this topic

#1 buznog


Posted 03 October 2014 - 02:31 AM

(1) istart.webssearches.com was installed on all 3 of my browsers after downloading "File downloader". It hijacked the default search engine and home page. I successfully redefined them, but since the hijack Chrome closes itself immediately after being run and, if it does stay open, does not remember the previously open tabs.

 

(2) Before installing the suspect program I had created a system restore point and also saved my registry files using ERUNT, but restoring them did not fix the problem. Malwarebytes found and removed Win tasks for "MySearchDial" and a registry key with a suspect Chrome extension - but this didn't help either.

 

(3) The problems disappear if I manually kill the numerous chrome processes found in Task Manager. But the processes and the problems with Chrome are back after the next bootup.

 

==================== DDS.TXT ========================

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.67.2
Run by Abba at 10:25:34 on 2014-10-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8182.4845 [GMT 3:00]
.
AV: Panda Free Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Free Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files (x86)\Linkman\Linkman.exe
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Util\DesktopOK\DesktopOK_x64.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dexpot\dexpot.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Recaps\recaps.exe
C:\Users\Abba\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\WebUpdateSvc4.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\EscSvc64.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dexpot\Dexpot64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Dexpot\plugins\DexControl.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Abba\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = localhost;*.l
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {ad708c09-d51b-45b3-9d28-4eba2681febf} - <orphaned>
mWinlogon: Userinit = c:\windows\syswow64\userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - <orphaned>
BHO: AGFormHelperObj Class: {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &Linkman: {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\Program Files (x86)\Linkman\LinkmanCom.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: AGForms Toolbar: {8fe28f46-37ad-47b2-8258-34c128636ace} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
EB: {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - <orphaned>
uRun: [NetworkIndicator] C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
uRun: [Linkman] C:\Program Files (x86)\Linkman\Linkman.exe
uRun: [ISUSPM] :C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [HydraVisionDesktopManager] :"C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [hddled.exe] :
uRun: [Google Update] :"C:\Users\Abba\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DriverMax_RESTART] :
uRun: [DriverMax] :
uRun: [DesktopOK] "C:\Util\DesktopOK\DesktopOK_x64.exe"  -bg -startup
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe
uRun: [Copernic Desktop Search 4] "C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe" /tray
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIILE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-205 207 Series"
mRun: [VirtualCloneDrive] :"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [UpdatePDRShortCut] :"C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun: [TrueImageMonitor.exe] :C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [StartCCC] :"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RUSB3MON] :"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
mRun: [QuickTime Task] :"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] :"C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [iTunesHelper] :"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [HP Software Update] :C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] :"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [AcronisTimounterMonitor] :C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [Acrobat Assistant 8.0] :"C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [DivXMediaServer] :C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] :"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
StartupFolder: C:\Users\Abba\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Abba\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Abba\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Abba\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\DESKTO~1.LNK - C:\Util\DesktopOK\DesktopOK_x64.exe
StartupFolder: C:\Users\Abba\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\GMAILN~1.LNK - C:\Util\Gmail_Notifier_Plus\Gmail Notifier Plus.exe
StartupFolder: C:\Users\Abba\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\Abba\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\MOZILL~1.LNK - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StartupFolder: C:\Users\Abba\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\PALMON~1.LNK - C:\Program Files (x86)\palmOne\register.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Recaps.lnk - C:\Program Files (x86)\Recaps\recaps.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\GLADIN~1.LNK - C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\HOTSYN~1.LNK - C:\Program Files (x86)\palmOne\Hotsync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\O&ODEF~1.LNK - C:\Windows\Installer\{07D8F982-2B93-4805-B15D-7569023A394D}\DefragIcon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: >Search in Linkman - C:\Users\Abba\Documents\Linkman\iescript_search.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Add to Linkman - C:\Users\Abba\Documents\Linkman\iescript_add.htm
IE: Add to Linkman (all tabs) - C:\Users\Abba\Documents\Linkman\iescript_addall.htm
IE: Add to Linkman and Edit - C:\Users\Abba\Documents\Linkman\iescript_edit.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show Linkman - C:\Users\Abba\Documents\Linkman\iescript_show.htm
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://samba.huji.ac.il/+CSCOL+/csvrloader32.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://samba.huji.ac.il/CACHE/stc/6/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} - hxxp://www.pictor.co.il/site/Upload/ImageUploader2.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{01DF9570-7AD1-491E-BA09-D35AD38FBB8D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4CFAE9AA-3B9A-43DD-808A-0D44B0A35DDA} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{56ABDB26-95D7-4702-AB29-DFB135EEBFE3} : DHCPNameServer = 213.248.76.210 213.248.100.54
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [StartupDelayer] :"C:\Program Files\Startup Delayer\Startup Launcher.exe" /LaunchType=Auto /LaunchApps=Common
x64-Run: [Skytel] :C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [RtHDVCpl] :C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Acronis Scheduler2 Service] :"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [LangOver] :C:\Program Files (x86)\LangOver\LangOver.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Abba restrored from old PC\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://picasaweb.google.com/lh/myphotos?noredirect=1
FF - prefs.js: keyword.URL - hxxps://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: C:\Users\Abba\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Abba\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Abba\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Abba\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-5-6 36960]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2010-9-27 37392]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2014-7-29 56336]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2012-4-26 1263200]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-3-25 54984]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2012-4-23 30592]
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2014-6-4 96800]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2014-6-18 162336]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2014-6-4 112160]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2014-6-4 115232]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2014-1-16 46336]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2014-6-4 95776]
R1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2014-6-4 70176]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2014-6-4 125984]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2014-6-4 306720]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2014-6-4 169504]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2014-6-4 115744]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2014-6-4 261152]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2014-6-4 109088]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2014-7-24 195616]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [2013-9-3 181152]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-10-17 3975088]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-3-16 222720]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2014-9-6 151648]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2012-12-3 135824]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2014-3-20 925480]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2014-3-15 555304]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-12 13592]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-6-7 164520]
R2 NanoServiceMain;Panda Free Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2014-7-24 141560]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2010-6-24 65856]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2012-9-14 2552176]
R2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-7-23 61688]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2014-7-24 160800]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2014-7-24 120352]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2014-7-24 122400]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2014-7-24 132128]
R2 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2014-7-24 106016]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2014-7-24 38136]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-8-6 301760]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-12-13 560528]
R2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2007-6-25 229592]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2011-2-10 330416]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-10-3 60400]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2014-3-19 42184]
S2 !SASCORE;SAS Core Service;"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" --> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-1-13 112496]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 EfiVariable;Efi Variable Service;C:\Windows\SysWOW64\drivers\variable64.sys [2012-5-18 18200]
S3 GladFileMonSvc;GladFileMonSvc;C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [2012-2-10 29552]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-26 111616]
S3 iumsvc;Intel® Update Manager;C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-14 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-10-17 31800]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2010-7-24 52736]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2012-8-27 114568]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2012-8-27 230280]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-14 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2011-10-3 16384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-10-03 05:04:45    60400    ----a-w-    C:\Windows\System32\drivers\PSKMAD.sys
2014-10-03 02:59:43    22752    ----a-w-    C:\Windows\System32\PCloudBroom64.exe
2014-10-02 21:23:24    --------    d-----w-    C:\ProgramData\panda_url_filtering
2014-09-20 17:01:44    --------    d-----w-    C:\Program Files (x86)\JabRef
2014-09-20 16:51:08    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-08 09:39:00    --------    d-----w-    C:\Users\Abba\AppData\Local\future_technologies
2014-09-08 09:37:49    --------    d-----w-    C:\Users\Abba\AppData\Roaming\EMG Future Technologies Inc
2014-09-05 21:21:24    10752    ----a-w-    C:\Windows\System32\E_GCINST.DLL
2014-09-05 21:21:23    120320    ----a-w-    C:\Windows\System32\E_ILMILE.DLL
2014-09-05 21:21:22    83968    ----a-w-    C:\Windows\System32\E_ID4BILE.DLL
.
==================== Find3M  ====================
.
2014-10-03 06:41:09    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-27 11:38:12    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-27 11:38:12    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-24 18:24:04    132128    ----a-w-    C:\Windows\System32\drivers\PSINProt.sys
2014-07-24 18:24:04    106016    ----a-w-    C:\Windows\System32\drivers\PSINReg.sys
2014-07-24 18:24:03    195616    ----a-w-    C:\Windows\System32\drivers\PSINKNC.sys
2014-07-24 18:24:03    122400    ----a-w-    C:\Windows\System32\drivers\PSINProc.sys
2014-07-24 18:24:03    120352    ----a-w-    C:\Windows\System32\drivers\PSINFile.sys
2014-07-24 18:24:02    160800    ----a-w-    C:\Windows\System32\drivers\PSINAflt.sys
.
============= FINISH: 10:25:51.05 ===============
 

 

Attached File  Attach.txt   21.33KB   0 downloads




 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:38 AM

Posted 03 October 2014 - 04:36 PM

Hello buznog,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.

     

    1.

    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

     

    2.

    Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious, don't worry continue on. 

    Please download Junkware Removal Tool to your desktop.

     

    • shut down your protection software now to avoid potential conflicts.
    • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
      the tool will open and start scanning your system
    • please be patient as this can take a while to complete depending on your system's specifications
    • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
    • post the contents of JRT.txt into your next Reply.

     

    3.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:38 AM

Posted 05 October 2014 - 12:53 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#4 buznog

buznog
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 PM

Posted 05 October 2014 - 02:19 PM

Hi fireman4it 

 

I am eager to get your help. I didn't see your message until now because the notification wasn't delivered to my primary inbox. I have fixed this in gmail and will report back to you on the results of the tests you suggested in another few hours.

 

buznog



#5 buznog

buznog
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 PM

Posted 05 October 2014 - 05:22 PM

Ok fireman4it, have done the three scans. Am pasting the results below. Thanks a lot for your patience!

Buznog

 

========================================================

AdwCleaner[S0].txt 

 

 

# AdwCleaner v3.311 - Report created 05/10/2014 at 23:22:38
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Abba - ABBAWIN64
# Running from : C:\Dropbox\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : hshld
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd
 
***** [ Files / Folders ] *****
 
[/!\] Not Deleted ( Junction ) : C:\Util
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\Abba\AppData\LocalLow\Conduit
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : DigitalSite
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\hotspotshield
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
[ File : C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\91bsqbp5.default\prefs.js ]
 
 
[ File : C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Abba restrored from old PC\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Download Energy Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms}");
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AyD0AyEyEyCtCtD0C0Azz0FtN0D0Tzu0CyCyBzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=571825459&ir=
Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1412089000&from=exp&uid=WDCXWD5000AAKS-00A7B2_WD-WCASYD07414174141&q={searchTerms}
Deleted [Search Provider] : hxxp://www.vew.hu-berlin.de/search?SearchableText={searchTerms}&x=0&y=0
 
[ File : C:\Users\Abba2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AyD0AyEyEyCtCtD0C0Azz0FtN0D0Tzu0CyCyBzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=571825459&ir=
Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
 
*************************
 
AdwCleaner[R0].txt - [7936 octets] - [05/10/2014 22:53:23]
AdwCleaner[R1].txt - [8489 octets] - [05/10/2014 23:21:41]
AdwCleaner[S0].txt - [8260 octets] - [05/10/2014 23:22:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8320 octets] ##########
 

========================================================

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.0 (10.05.2014:1)
OS: Windows 7 Professional x64
Ran by Abba on 06-Oct-14 at  0:29:20.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\GTaskMMC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\GTaskMMC_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FreeVoipDeal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FreeVoipDeal_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r420-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r420-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\GTaskMMC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\GTaskMMC_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\FreeVoipDeal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\FreeVoipDeal_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r420-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r420-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{90128774-E444-43AE-9716-1D985203ECEF}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54B02808-B60E-44CD-A72D-9865117E4E62}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{54B02808-B60E-44CD-A72D-9865117E4E62}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54B02808-B60E-44CD-A72D-9865117E4E62}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{54B02808-B60E-44CD-A72D-9865117E4E62}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Abba\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Abba\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Abba\appdata\local\{49ADF131-A8B3-4ED4-B36B-EA6D4532868D}
Successfully deleted: [Empty Folder] C:\Users\Abba\appdata\local\{585DCCCF-0445-4C8F-8D1A-6772C6F3BB9F}
Successfully deleted: [Empty Folder] C:\Users\Abba\appdata\local\{59A882C5-BD85-4884-B893-7B479A3F5E3B}
Successfully deleted: [Empty Folder] C:\Users\Abba\appdata\local\{7AEA7DDF-DC35-4B69-A2E9-A6DF30BAE082}
Successfully deleted: [Empty Folder] C:\Users\Abba\appdata\local\{B8C15C00-50E2-4D22-820E-25C0BF40046C}
Successfully deleted: [Empty Folder] C:\Users\Abba\appdata\local\{C8999DB1-605D-4199-A66E-93E87F0AD35A}
Successfully deleted: [Empty Folder] C:\Users\Abba\appdata\local\{C9FE8E62-34DA-4229-BEA4-26D59265D6C4}
Successfully deleted: [Empty Folder] C:\Users\Abba\appdata\local\{D21A292A-74E8-4E5B-807D-0B5943ED2C8E}
Successfully deleted: [Empty Folder] C:\Users\Abba\appdata\local\{D5CAE9C1-1B15-483D-9591-FCE41AF4CD07}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06-Oct-14 at  0:32:56.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

========================================================

FRST.txt 

 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014
Ran by Abba (administrator) on ABBAWIN64 on 06-10-2014 00:34:59
Running from C:\0\Malware
Loaded Profile: Abba (Available profiles: Abba & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ITSamples.com) C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
(Outertech) C:\Program Files (x86)\Linkman\Linkman.exe
(Nenad Hrg SoftwareOK) F:\Util\DesktopOK\DesktopOK_x64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\dexpot.exe
(Copernic, a division of N. Harris Copernic Systems) C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
() C:\Program Files (x86)\Recaps\recaps.exe
(Dropbox, Inc.) C:\Users\Abba\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\Dexpot64.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\plugins\DexControl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
(Farbar) C:\0\Malware\FRST64 - farbar.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-04-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7743008 2009-04-27] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [390712 2010-08-21] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5459136 2010-08-21] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => :C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-07-24] (Panda Security, S.L.)
HKU\S-1-5-21-999577583-1692504744-3742257365-1000\...\Run: [NetworkIndicator] => C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe [192512 2010-06-30] (ITSamples.com)
HKU\S-1-5-21-999577583-1692504744-3742257365-1000\...\Run: [Linkman] => C:\Program Files (x86)\Linkman\Linkman.exe [1498488 2012-09-29] (Outertech)
HKU\S-1-5-21-999577583-1692504744-3742257365-1000\...\Run: [ISUSPM] => :C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-999577583-1692504744-3742257365-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-10-01] (AMD)
HKU\S-1-5-21-999577583-1692504744-3742257365-1000\...\Run: [Google Update] => C:\Users\Abba\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-04] (Google Inc.)
HKU\S-1-5-21-999577583-1692504744-3742257365-1000\...\Run: [DesktopOK] => C:\Util\DesktopOK\DesktopOK_x64.exe [374784 2012-05-05] (Nenad Hrg SoftwareOK)
HKU\S-1-5-21-999577583-1692504744-3742257365-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-03-11] (Siber Systems)
HKU\S-1-5-21-999577583-1692504744-3742257365-1000\...\Run: [Dexpot] => C:\Program Files (x86)\Dexpot\dexpot.exe [1841232 2013-09-20] (Dexpot GbR)
HKU\S-1-5-21-999577583-1692504744-3742257365-1000\...\Run: [Copernic Desktop Search 4] => C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe [1871936 2014-06-12] (Copernic, a division of N. Harris Copernic Systems)
HKU\S-1-5-21-999577583-1692504744-3742257365-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-999577583-1692504744-3742257365-1000\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
Startup: C:\Users\Abba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Abba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Abba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Abba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recaps.lnk
ShortcutTarget: Recaps.lnk -> C:\Program Files (x86)\Recaps\recaps.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
BootExecute: autocheck autochk * OODBSPCloudBroom64.exe \systemroot\system32\BroomData.bit
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/iat/us_il.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC7036728C71DCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKCU - (No Name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - No File
SearchScopes: HKCU - {42C5D98E-CFCC-4CED-8873-54958BEEA8BA} URL = https://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {764E319D-E361-4E21-9A3E-CB12DD9E8CDC} URL = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AGFormHelperObj Class -> {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} -> C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll (Agat software solutions)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\Program Files (x86)\Linkman\LinkmanCom.dll (Outertech)
Toolbar: HKLM-x32 - No Name - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} -  No File
Toolbar: HKLM-x32 - AGForms Toolbar - {8fe28f46-37ad-47b2-8258-34c128636ace} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} -  No File
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://samba.huji.ac.il/+CSCOL+/csvrloader32.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://samba.huji.ac.il/CACHE/stc/6/binaries/vpnweb.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD18DD5E-B398-452A-B22A-B54636BA9F0D} http://www.pictor.co.il/site/Upload/ImageUploader2.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Abba restrored from old PC
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Abba\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Abba\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Abba\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Abba\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin8.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Abba\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Abba\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Abba\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\91bsqbp5.default\searchplugins\yahoo_ff.xml
FF Extension: FEBE - C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\91bsqbp5.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2010-07-12]
FF Extension: LinkmanFox - C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\91bsqbp5.default\Extensions\LinkmanFox.xpi [2010-05-18]
FF Extension: No Name - C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Abba restrored from old PC\Extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}-trash [2010-07-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-27]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-07-08]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-03-11]
FF HKCU\...\Firefox\Extensions: [{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}] - C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox36Connector
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKCU\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files (x86)\copernic\desktopsearch4\firefoxconnector
FF Extension: Copernic Desktop Search - Search Firefox content - c:\program files (x86)\copernic\desktopsearch4\firefoxconnector [2014-07-31]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin8.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Abba\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (EagleGet32) - C:\Program Files (x86)\EagleGet\npEagleget.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Photosynth) - C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Google Update) - C:\Users\Abba\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Abba\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Abba\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
CHR Profile: C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-03]
CHR Extension: (Google Drive) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-03]
CHR Extension: (Google Search) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-03]
CHR Extension: (Session Buddy) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-09-30]
CHR Extension: (Gmail Offline) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-03-11]
CHR Extension: (Readium) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-08-01]
CHR Extension: (Email Print Page Cleaner) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcdmmaobjagbplobejomeefggahclkf [2014-10-05]
CHR Extension: (Google Wallet) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2014-09-30]
CHR Extension: (Linkman) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchnedaeogijkjjkjigbijhbcanbdjkc [2014-03-11]
CHR Extension: (Gmail) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-03]
CHR Extension: (RoboForm) - C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-11]
CHR HKCU\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files (x86)\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [2014-06-12]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2011-03-16] (CrashPlan) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-07-24] (Panda Security, S.L.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-04-07] (Hewlett-Packard) [File not signed]
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2552176 2012-09-14] (O&O Software GmbH)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-07-23] (Panda Security, S.L.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-04-07] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-07-24] (Panda Security, S.L.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [301760 2012-08-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-11-25] ()
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [229592 2007-06-25] (Data Perceptions / PowerProgrammer)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36960 2011-05-06] (Asmedia Technology)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
S3 EfiVariable; C:\Windows\SysWOW64\Drivers\variable64.sys [18200 2010-10-28] (Windows ® Server 2003 DDK provider)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-01-17] (Paragon Software Group)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [54984 2014-03-19] (AnchorFree Inc.)
R1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30592 2012-02-07] (REALiX™)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-07-24] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120352 2014-07-24] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-07-24] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [52736 2009-07-23] (Realtek Semiconductor Corporation                           )
S3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2011-05-02] () [File not signed]
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [48144 2010-01-17] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [158736 2010-01-17] (Paragon)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x64\Sandra.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-06 00:34 - 2014-10-06 00:35 - 00000000 ____D () C:\FRST
2014-10-06 00:32 - 2014-10-06 00:32 - 00003946 _____ () C:\Users\Abba\Desktop\JRT.txt
2014-10-06 00:29 - 2014-10-06 00:29 - 00000000 ____D () C:\Windows\ERUNT
2014-10-05 23:18 - 2014-10-05 23:18 - 00019803 _____ () C:\Users\Abba\Downloads\percent income support.xlsx
2014-10-05 22:53 - 2014-10-05 23:23 - 00000000 ____D () C:\AdwCleaner
2014-10-05 22:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-05 20:30 - 2014-10-05 20:30 - 00091243 _____ () C:\Users\Abba\Downloads\Assaf+Yossi positionality paper.zip
2014-10-05 17:07 - 2014-10-05 23:18 - 00010239 _____ () C:\Users\Abba\Downloads\MS need & eligibility indicators.xlsx
2014-10-05 15:14 - 2014-10-05 15:21 - 01022111 _____ () C:\Users\Abba\Downloads\Jerusalem apartment search map.pptx
2014-10-05 14:09 - 2014-10-05 14:10 - 00000000 ____D () C:\Program Files (x86)\SysTools EML Viewer
2014-10-05 14:09 - 2014-10-05 14:09 - 00001109 _____ () C:\Users\Public\Desktop\EML Viewer.lnk
2014-10-05 14:09 - 2014-10-05 14:09 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\CDTPL
2014-10-05 14:09 - 2014-10-05 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EML Viewer
2014-10-05 14:09 - 2014-10-05 14:09 - 00000000 ____D () C:\ProgramData\CDTPL
2014-10-05 09:09 - 2014-10-05 09:09 - 00319106 _____ () C:\Users\Abba\Downloads\rehome.zip
2014-10-04 18:30 - 2014-10-04 18:30 - 00167317 _____ () C:\Users\Abba\Downloads\last try regressions + AL new charts +MS v2 + AL.xlsx
2014-10-04 18:13 - 2014-10-04 18:13 - 00010421 _____ () C:\Users\Abba\Downloads\Loyalty benefits and who pays them.xlsx
2014-10-04 14:50 - 2014-10-04 14:50 - 00001502 _____ () C:\Users\Abba\Desktop\Chrome malware.lnk
2014-10-04 13:12 - 2014-10-04 13:12 - 00001024 _____ () C:\Users\Abba\Desktop\Audacity sound editor.lnk
2014-10-04 13:09 - 2014-10-04 13:09 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-04 13:09 - 2014-10-04 13:09 - 00000827 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-04 12:49 - 2014-10-04 12:49 - 00002514 _____ () C:\Users\Abba\Desktop\Nero Express.lnk
2014-10-04 09:41 - 2014-10-04 09:41 - 00096717 _____ () C:\Users\Abba\Downloads\benefit plans regressions +MS + AL +MS + AL2 +MS 22.09 + inc 3.10.xlsx
2014-10-03 23:25 - 2014-10-03 23:30 - 00000000 ____D () C:\Users\Abba\Desktop\Nexus Pix
2014-10-03 22:38 - 2014-10-03 23:20 - 00174517 _____ () C:\Users\Abba\Downloads\last try regressions + AL new charts +MS v2.xlsx
2014-10-03 22:20 - 2014-10-03 22:20 - 00154716 _____ () C:\Users\Abba\Downloads\last try regressions + AL new charts +MS +AL.xlsx
2014-10-03 16:50 - 2014-10-03 16:50 - 00161671 _____ () C:\Users\Abba\Downloads\last try regressions + AL new charts +MS.xlsx
2014-10-03 14:29 - 2014-10-03 14:29 - 00005534 _____ () C:\Users\Abba\Downloads\Word Customizations desktop 3.10.14.exportedUI
2014-10-03 10:41 - 2014-10-03 16:20 - 00161671 _____ () C:\Users\Abba\Downloads\last try regressions MS3 +AL fixes cmts +MS v3 + AL new charts.xlsx
2014-10-03 10:41 - 2014-10-03 10:41 - 00074858 _____ () C:\Users\Abba\Downloads\gov support regressions.xlsx
2014-10-03 10:26 - 2014-10-03 10:26 - 00021840 _____ () C:\Users\Abba\Downloads\Attach.txt
2014-10-03 10:00 - 2014-10-03 10:26 - 00034729 _____ () C:\Users\Abba\Downloads\DDS.txt
2014-10-03 09:59 - 2014-10-03 09:59 - 00688992 ____R (Swearware) C:\Users\Abba\Downloads\dds.com
2014-10-03 08:04 - 2014-03-25 16:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-10-03 05:59 - 2014-10-03 05:59 - 00013026 _____ () C:\Windows\SysWOW64\BroomData.bit
2014-10-03 05:59 - 2013-04-08 16:30 - 00022752 _____ () C:\Windows\system32\PCloudBroom64.exe
2014-10-03 00:29 - 2014-10-03 00:29 - 00001287 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-10-03 00:29 - 2014-10-03 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-10-03 00:23 - 2014-10-03 00:23 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2014-10-03 00:22 - 2014-10-03 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2014-10-03 00:15 - 2014-10-03 00:15 - 01329312 _____ () C:\Users\Abba\Downloads\PANDAFREEAV.exe
2014-09-30 19:01 - 2014-09-30 19:01 - 00000000 ____D () C:\Users\Abba\Desktop\Old Firefox Data
2014-09-30 15:52 - 2014-09-30 15:55 - 00022877 _____ () C:\Users\Abba\Downloads\Leumi card Jan-Spet 2014.xlsx
2014-09-27 16:22 - 2014-09-27 16:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-27 15:59 - 2014-09-27 15:59 - 01476894 _____ () C:\Users\Abba\Downloads\Why was Mum born so beautiful.mov
2014-09-22 13:15 - 2014-09-22 13:15 - 00044370 _____ () C:\Users\Abba\Downloads\benefit plans regressions +MS + AL +MS + AL2.xlsx
2014-09-22 08:37 - 2014-04-30 15:32 - 03721616 _____ (Ghisler Software GmbH) C:\Users\Abba\Downloads\tcm851ax32.exe
2014-09-20 20:50 - 2012-04-02 03:13 - 00007966 _____ () C:\Users\Abba\Downloads\Friday afternoon - michael.shalev@gmail.com - Gmailnoon - michael.shalev@gmail.com - Gmail
2014-09-20 20:01 - 2014-09-20 20:01 - 00001854 _____ () C:\Users\Public\Desktop\JabRef 2.10.lnk
2014-09-20 20:01 - 2014-09-20 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JabRef
2014-09-20 20:01 - 2014-09-20 20:01 - 00000000 ____D () C:\Program Files (x86)\JabRef
2014-09-20 19:51 - 2014-09-20 19:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-20 19:51 - 2014-09-20 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-20 19:51 - 2014-09-20 19:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-20 19:51 - 2014-09-20 19:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-20 19:51 - 2014-09-20 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-20 19:50 - 2014-07-28 08:15 - 00918440 _____ (Oracle Corporation) C:\Users\Abba\Downloads\JSC.exe
2014-09-20 19:39 - 2014-09-20 19:39 - 00027709 _____ () C:\Users\Abba\Downloads\EN test.xml
2014-09-20 16:28 - 2014-09-20 16:28 - 05407278 _____ (EagleGet ) C:\Users\Abba\Downloads\eagleget_2.0.1.6.exe
2014-09-19 17:17 - 2014-09-19 17:17 - 00000277 _____ () C:\Users\Abba\Downloads\scholar (4).enw
2014-09-19 17:15 - 2014-09-19 17:15 - 00001205 _____ () C:\Users\Abba\Downloads\endnote-citations.enw
2014-09-19 10:35 - 2014-09-19 10:37 - 00006570 _____ () C:\Users\Abba\Downloads\Excel Customizations Desktop 19.09.14.exportedUI
2014-09-08 12:51 - 2014-09-08 12:51 - 00099049 _____ () C:\Users\Abba\Downloads\VMessage.wav
2014-09-08 12:39 - 2014-09-08 12:39 - 00000000 ____D () C:\Users\Abba\AppData\Local\future_technologies
2014-09-08 12:37 - 2014-09-08 12:53 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\EMG Future Technologies Inc
2014-09-08 12:37 - 2014-09-08 12:37 - 00933888 _____ () C:\Users\Abba\Downloads\vmailsetup.msi
2014-09-06 01:39 - 2014-09-06 01:39 - 00001191 _____ () C:\Users\Abba\Desktop\EPSON XP-205 207 Series.lnk
2014-09-06 00:22 - 2014-09-06 00:22 - 00002426 _____ () C:\Users\Public\Desktop\User's Guide EPSON XP-205 207 Series.lnk
2014-09-06 00:21 - 2011-04-20 03:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMILE.DLL
2014-09-06 00:21 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BILE.DLL
2014-09-06 00:21 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-06 00:27 - 2013-05-21 16:33 - 00000000 ____D () C:\0
2014-10-06 00:13 - 2011-01-24 01:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 23:47 - 2012-03-04 23:13 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999577583-1692504744-3742257365-1000UA.job
2014-10-05 23:38 - 2013-05-07 18:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-05 23:31 - 2009-07-14 07:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 23:31 - 2009-07-14 07:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 23:29 - 2009-07-14 08:13 - 00872082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-05 23:28 - 2010-07-07 13:45 - 01647700 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 23:24 - 2012-11-27 21:06 - 00567004 _____ () C:\Windows\system32\oodbs.lor
2014-10-05 23:24 - 2012-04-25 19:55 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\Dropbox
2014-10-05 23:24 - 2011-01-24 01:02 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-05 23:24 - 2010-07-10 00:26 - 00000000 ___RD () C:\Dropbox
2014-10-05 23:24 - 2010-07-09 12:59 - 00462730 _____ () C:\Windows\PFRO.log
2014-10-05 23:24 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 23:24 - 2009-07-14 07:51 - 00261534 _____ () C:\Windows\setupact.log
2014-10-05 23:18 - 2010-10-05 22:21 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\Skype
2014-10-05 14:13 - 2013-10-02 23:07 - 00000000 ____D () C:\Users\Abba\Documents\Outlook Files
2014-10-05 09:21 - 2012-03-04 23:13 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999577583-1692504744-3742257365-1000Core.job
2014-10-05 02:00 - 2010-09-06 16:30 - 00000000 ____D () C:\Users\Abba\AppData\Local\Adobe
2014-10-04 14:44 - 2011-09-27 21:11 - 00143864 _____ () C:\Users\Abba\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-04 14:43 - 2010-09-06 20:38 - 00000000 ____D () C:\Windows\pss
2014-10-04 14:42 - 2009-07-14 07:45 - 03577904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-04 14:23 - 2010-07-20 09:14 - 00000000 ____D () C:\Windows\Minidump
2014-10-04 14:16 - 2011-02-07 10:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 13:55 - 2010-07-07 13:46 - 00000000 ____D () C:\Users\Abba
2014-10-04 13:54 - 2013-09-16 20:46 - 00000000 ____D () C:\Users\Abba\Documents\Linkman
2014-10-04 13:54 - 2013-07-02 17:01 - 00000000 ____D () C:\Users\Abba2
2014-10-04 13:54 - 2011-10-05 14:22 - 00000000 ____D () C:\Users\DefaultAppPool
2014-10-04 13:54 - 2010-07-07 16:52 - 00000000 ____D () C:\Program Files (x86)\totalcmd
2014-10-04 13:54 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\registration
2014-10-04 13:41 - 2009-07-14 06:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-04 13:40 - 2013-10-04 14:41 - 00000000 ____D () C:\ProgramData\r2 Studios
2014-10-04 13:39 - 2010-07-07 14:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-04 13:38 - 2010-07-12 09:10 - 00172548 _____ () C:\Windows\DPINST.LOG
2014-10-04 13:35 - 2010-07-12 09:10 - 00000000 ____D () C:\Program Files (x86)\Nokia
2014-10-04 13:35 - 2010-07-12 09:09 - 00000000 ____D () C:\ProgramData\Installations
2014-10-04 13:34 - 2010-09-27 16:48 - 00000000 ____D () C:\Program Files (x86)\nLite
2014-10-04 13:24 - 2010-07-10 00:21 - 00000000 ____D () C:\Program Files (x86)\LatentGOLD4.5
2014-10-04 13:19 - 2010-09-03 14:21 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\ImTOO
2014-10-04 13:18 - 2011-02-14 20:41 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-04 13:17 - 2012-07-16 12:50 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\gnokii
2014-10-04 13:16 - 2012-05-03 02:55 - 00000000 ____D () C:\Users\Abba\AppData\Local\eMule
2014-10-04 13:16 - 2011-04-23 22:28 - 00000000 ____D () C:\ProgramData\eMule
2014-10-04 13:15 - 2011-07-16 13:28 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-10-04 13:12 - 2013-06-30 17:49 - 00000000 ___RD () C:\Users\Abba\Desktop\MULTIMEDIA
2014-10-04 13:09 - 2011-02-07 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-04 12:44 - 2014-07-29 14:39 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\DVDVideoSoft
2014-10-03 09:41 - 2014-04-27 10:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 09:14 - 2010-07-09 19:51 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\uTorrent
2014-10-03 00:36 - 2013-07-10 13:30 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\GnuPG
2014-10-03 00:29 - 2010-07-10 13:42 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-10-03 00:22 - 2010-07-10 13:43 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\Panda Security
2014-10-03 00:22 - 2010-07-10 13:42 - 00000000 ____D () C:\ProgramData\Panda Security
2014-10-03 00:16 - 2012-04-23 22:53 - 00000000 ____D () C:\Windows\ERDNT
2014-09-30 20:15 - 2010-07-20 02:05 - 00007653 _____ () C:\Users\Abba\AppData\Local\Resmon.ResmonCfg
2014-09-30 19:58 - 2014-04-27 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-30 19:58 - 2014-04-27 10:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-30 19:58 - 2013-07-03 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-30 19:58 - 2010-07-23 21:56 - 00000000 ____D () C:\Users\Abba\AppData\Local\Google
2014-09-30 19:58 - 2010-07-14 21:17 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\IrfanView
2014-09-30 18:29 - 2010-07-07 13:46 - 13107200 ___SH () C:\Users\Abba\ntuser.bak
2014-09-30 18:29 - 2009-07-14 05:34 - 95420416 _____ () C:\Windows\system32\config\software.bak
2014-09-30 18:29 - 2009-07-14 05:34 - 37486592 _____ () C:\Windows\system32\config\system.bak
2014-09-30 18:29 - 2009-07-14 05:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-09-30 18:29 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-09-30 18:29 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-30 17:40 - 2014-04-07 10:52 - 00001166 _____ () C:\Users\Abba\Desktop\PRIMER.lnk
2014-09-28 22:23 - 2011-05-21 00:05 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\vlc
2014-09-28 08:42 - 2012-04-27 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-27 14:38 - 2013-05-07 18:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-27 14:38 - 2012-04-25 19:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-27 14:38 - 2011-05-19 09:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-26 13:46 - 2011-09-28 17:15 - 00000000 ____D () C:\Users\Abba\AppData\Local\GHISLER
2014-09-21 21:42 - 2013-04-09 11:44 - 00000000 ____D () C:\Users\Abba\Downloads\ISDC - Data Request Form_files
2014-09-20 19:53 - 2013-10-19 15:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-20 19:51 - 2011-06-09 15:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-18 08:06 - 2012-04-25 19:58 - 00001019 _____ () C:\Users\Abba\Desktop\Dropbox.lnk
2014-09-18 08:06 - 2012-04-25 19:56 - 00000000 ____D () C:\Users\Abba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 19:17 - 2014-07-29 00:46 - 00002610 _____ () C:\Users\Abba\Desktop\Duplicate File detective.dfd
2014-09-16 08:05 - 2009-07-14 08:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-06 00:21 - 2014-09-05 18:15 - 00000935 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-09-06 00:21 - 2010-09-18 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
 
Some content of TEMP:
====================
C:\Users\Abba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp247vyq.dll
C:\Users\Abba\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Abba\AppData\Local\Temp\Quarantine.exe
C:\Users\Abba\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Abba\AppData\Local\Temp\_isEDF5.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-03 12:55
 
==================== End Of Log ============================
 

========================================================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014
Ran by Abba at 2014-10-06 00:35:34
Running from C:\0\Malware
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.5 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.5105 - Acronis)
Active@ Partition Manager (HKLM-x32\...\{A98E3354-AD08-427C-A0AC-32221A3E6598}) (Version: 1.3.12 - LSoft Technologies Inc)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.6.000 - Asmedia Technology)
ATI AVIVO64 Codecs (Version: 10.10.0.41001 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.745.0 - ATI Technologies) Hidden
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: version 2.0 - Auslogics Software Pty Ltd)
AutoIt v3.3.10.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.10.2 - AutoIt Team)
Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Copernic Desktop Search 4 (HKLM-x32\...\CopernicDesktopSearch4) (Version: 4.1.2.5606 - Copernic)
Copernic Desktop Search 4 (x32 Version: 4.1.2.5606 - Copernic) Hidden
CrashPlan (HKLM\...\{FAF63FF7-1DB6-44D4-91C3-E9422166E8F9}) (Version: 3.0.3 - CrashPlan)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3017 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 7.0.3017 - CyberLink Corp.) Hidden
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dexpot (HKCU\...\Dexpot) (Version: 1.6.10 - Dexpot GbR)
Download Navigator (HKLM-x32\...\{D0353B68-A142-4F89-A46E-1C9A7745D636}) (Version: 3.4.1 - SEIKO EPSON CORPORATION)
Driver Magician 3.49 (HKLM-x32\...\Driver Magician_is1) (Version:  - GoldSolution Software, Inc.)
DriverMax 5 (HKLM-x32\...\DMX5_is1) (Version: 5.7.0.800 - Innovative Solutions)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Dropbox Folder Sync addon (HKLM-x32\...\{E0B7CA7A-98B0-4EF1-87F5-FF6B02DC06A9}_is1) (Version: 2.7 - Sowrabh & Satyadeep)
Duplicate File Detective 5 (HKLM-x32\...\Duplicate File Detective 5 5.0.70) (Version: 5.0.70 - Key Metric Software)
Duplicate File Detective 5 (Version: 5.0.70 - Key Metric Software) Hidden
E-GOV.IL Sign&Verify Software - AGForm toolbar (HKLM-x32\...\{68880887-285F-4260-989B-8B22020D756F}) (Version: 13.0.1.9 - GOV.IL)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.1.0.7705 - Thomson Reuters)
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.103 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
Free MP3 Joiner 3.6.1.2 (HKLM-x32\...\Free MP3 Joiner_is1) (Version:  - FreeAudioVideoSoftTech, Inc.)
FreeUndelete (HKLM-x32\...\{A35883BD-9C83-4625-82F3-90F86728C662}) (Version: 2.0 - Recoveronix)
FreeVoipDeal (HKLM-x32\...\FreeVoipDeal_is1) (Version: 4.13 build 735 - Finarea S.A. Switzerland)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{B700113B-24A8-4D4C-8484-0CC944F764C8}) (Version: 3.0.3117 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Harzing's Publish or Perish 4.6.3.5156 (HKLM\...\{5676F50B-9B69-415A-ACB5-E591BF48D282}) (Version: 4.6.3.5156 - Tarma Software Research Pty Ltd)
HotKey Detective (PC Magazine) (HKLM-x32\...\HotKey Detective_is1) (Version: 2.1 - Ziff Davis Media, Inc.)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
HWiNFO64 Version 3.95 (HKLM\...\HWiNFO64_is1) (Version: 3.95 - Martin Malík - REALiX)
HydraVision (x32 Version: 4.2.114.0 - ATI Technologies Inc.) Hidden
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
Intel® Network Connections 16.1.53.0 (HKLM\...\PROSetDX) (Version: 16.1.53.0 - Intel)
Intel® Network Connections 16.1.53.0 (Version: 16.1.53.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.2.3.400 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
JabRef 2.10 (HKLM-x32\...\JabRef 2.10) (Version: 2.10 - JabRef Team)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JDVoiceMail 2.50 (HKLM-x32\...\JDVoiceMail) (Version: 2.50 - JDVoiceMail Software)
JMP 9 (HKLM-x32\...\{9DED7CDC-128A-4958-BCA2-FB9C9AA92A62}) (Version: 9.0 - SAS Institute Inc.)
JMP Profiler Core (HKLM-x32\...\{E3699351-FCC8-40C1-BB00-23E555A0E87E}) (Version: 1.0.0 - SAS Institute Inc.)
JMP Profiler GUI (HKLM-x32\...\{0BBA8AC3-ACD0-4C10-8451-0A79D14227ED}) (Version: 1.0.0 - SAS Institute Inc.)
Junction Link Magic 2.0 (HKLM\...\Junction Link Magic_is1) (Version:  - )
Just Great Software EditPad Lite 6.6.4 (HKLM-x32\...\EditPad Lite) (Version: 6.6.4 - Just Great Software)
K-Lite Codec Pack 4.0.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.0.0 - )
LangOver 5 (HKLM-x32\...\LangOver 5) (Version: 5.0 - LangOver.com)
LatentGOLD 5.0 (HKLM-x32\...\LatentGOLD5.0) (Version: 5.0.0.13353 - Statistical Innovations Inc.)
Linkman (HKLM-x32\...\Linkman) (Version: 8.70 - Outertech)
LockHunter 2.0 beta 2, 64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Logitech Unifying Software 2.00 (HKLM\...\Logitech Unifying) (Version: 2.00.43 - Logitech)
Macrium Reflect Free Edition (HKLM\...\{F6C6CBF2-D607-4BF1-908C-E4A948010B89}) (Version: 5.0.4908 - Paramount Software (UK) Ltd.)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MediaCoder x64 2011 (HKLM\...\MediaCoder x64) (Version: 2011 - Broad Intelligence)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - Hebrew עברית (HKLM-x32\...\Office14.OMUI.he-il) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office O MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Arabic) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Hebrew) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (Hebrew) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MP3 Cutter 1.8 (HKLM-x32\...\MP3 Cutter_is1) (Version:  - Aiv Software)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Network Activity Indicator for Windows 7 (HKLM-x32\...\NetworkIndicator_is1) (Version: 1.5 - IT Samples)
Network Guide EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Netg) (Version:  - )
Nokia Multimedia Player (HKLM-x32\...\InstallShield_{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}) (Version: 5.00.5010 - Nokia)
Nokia Multimedia Player (x32 Version: 5.00.5010 - Nokia) Hidden
O&O Defrag Professional (HKLM\...\{07D8F982-2B93-4805-B15D-7569023A394D}) (Version: 16.0.139 - O&O Software GmbH)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Outlook4Gmail 2.6 (HKLM-x32\...\{6A53C42D-DCCD-46B7-9143-51071726A6F6}_is1) (Version:  - Scand Ltd.)
palmOne (HKLM-x32\...\{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}) (Version: 4.1.0420 - palmOne, Inc.)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.03 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Pano2exe 2.12 (HKLM-x32\...\Pano2exe) (Version:  - )
Paragon Hard Disk Manager™ 2010 Professional (HKLM\...\{1E104AF0-EA49-11DE-AC07-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDFTK Builder 3.5.3 (HKLM-x32\...\PDFTK Builder_is1) (Version:  - )
Photosynth 2.0110.317.1042 (HKLM-x32\...\{E14035D2-EE43-4C3D-AC15-1CD7B7FEC055}) (Version: 3.3.3.3 - Microsoft)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PTGui Pro 8.3.3 (HKLM-x32\...\PTGui) (Version:  - New House Internet Services B.V.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5841 - Realtek Semiconductor Corp.)
Recaps (HKLM-x32\...\Recaps_is1) (Version:  - gooli.org)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Revo Uninstaller Pro 2.5.8 (HKLM\...\Revo Uninstaller Pro_is1) (Version: 2.5.8 - )
RoboForm 7-9-5-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-5-7 - Siber Systems)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAS 9.2 (32) (HKLM-x32\...\{F9390B82-786C-43CF-A970-D39E23EF0366}) (Version: 9.2 - SAS Institute Inc.)
SAS Drivers for ODBC (HKLM-x32\...\{D85900D5-6E2F-45BE-944D-DFF7010A50B5}) (Version: 9.2 - SAS Institute Inc.)
SAS OnlineDoc 9.2 for Windows (HKLM-x32\...\{1D7BEDED-455C-4029-85EC-433D4C5EAAE1}) (Version: 9.2 - SAS Institute Inc.)
SAS SQL Library for C 9.2 (HKLM-x32\...\bf1457d11228156984995deaf43189b2) (Version:  - )
SAS Universal Viewer 1.0 (HKLM-x32\...\{7F110DE3-59ED-4F90-BC36-D8C96CB4BFCF}) (Version: 1.0 - SAS)
SAS XML Mapper 9.2 (HKLM-x32\...\ce2680d8fcce11da826c907caf147e85) (Version:  - )
SAS/Graph Java Applets for 9.2 (HKLM-x32\...\36ac3ae4fcc511dab0f6f685d746a93a) (Version:  - )
SAS/GRAPH NV Workshop 2.1 (HKLM-x32\...\{139EC523-67BF-4593-BB79-DD48B8C70769}) (Version: 9.2 - SAS)
SAS/GRAPH ODS Graphics Editor 9.2 (HKLM-x32\...\e0deb9bff1c91f7dfffd6ad7081cde67) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{687F46DC-5532-4DDE-843D-EBF8AC32AA9D}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SigmaPlot 11.0 (HKLM-x32\...\{B1A88375-BAB9-4081-B58F-A137FC6ED2A4}) (Version: 11.0 - Systat Software, Inc.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.3.0 - SmartSound Software Inc) Hidden
Stat/Transfer Nine (HKLM-x32\...\Stat/Transfer) (Version: Nine - Circle Systems)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
SysTools EML Viewer version v3.0 (HKLM-x32\...\{37a5b3d8-a1e5-4c5b-9985-25e71d5269d5}_is1) (Version: v3.0 - SysTools Software)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
UnicodeCSVAddin (HKCU\...\55678431C3151FCBB127E83EB655F638F556745E) (Version: 1.0.0.0 - Jaimon Mathew)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0100-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.he-il_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.he-il_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0419-0000-0000000FF1CE}_Office14.OMUI.he-il_{E61D2005-D8F8-4C83-A08E-7E43C1D8588B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{0C2F1EBB-1F4D-49B5-AD10-F27181F4C6FB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{50B8128B-D2EA-4B8E-9B39-AB61C583F0F3}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
User's Guide EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Useg) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VC90_CRT_x64 (x32 Version: 1.00.0000 - Intel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Web Update Wizard (Redistributable) 4.0 (HKLM-x32\...\Web Update Wizard (Redistributable)) (Version: 4.0 - PowerProgrammer)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Privacy Tools (HKLM-x32\...\Windows Privacy Tools) (Version: 1.0rc2 - Windows Privacy Tools Team)
Windows Updates Downloader (HKLM-x32\...\Windows Updates Downloader) (Version: 2.50 Build 1002 - Supremus Corporation)
WinHTTrack Website Copier 3.43-9C (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.43.9 - HTTrack)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Winrar Activator version 1.2 (HKLM-x32\...\{AE0B3F2A-EB65-4D01-A3E1-6D879C6AAF2A}_is1) (Version: 1.2 - Rarlab)
WinSCP 4.2.8 (HKLM-x32\...\winscp3_is1) (Version: 4.2.8 - Martin Prikryl)
WPanorama (HKCU\...\WPanorama) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.1 - Xvid Team)
XY Chart Labeler 7.1 (HKLM-x32\...\XY Chart Labeler 7.1) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-999577583-1692504744-3742257365-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Abba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-999577583-1692504744-3742257365-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Abba\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-999577583-1692504744-3742257365-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Abba\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-999577583-1692504744-3742257365-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Abba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-999577583-1692504744-3742257365-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Abba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-999577583-1692504744-3742257365-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Abba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-999577583-1692504744-3742257365-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Abba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-999577583-1692504744-3742257365-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Abba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-999577583-1692504744-3742257365-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Abba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-999577583-1692504744-3742257365-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Abba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-999577583-1692504744-3742257365-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Abba\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
04-10-2014 09:46:09 Revo Uninstaller Pro's restore point - Email Extractor
04-10-2014 10:43:26 4.10.14 before CCcleaner
04-10-2014 10:53:11 Restore Operation
04-10-2014 11:48:58 Chrome OK
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-07-29 16:49 - 2014-07-29 16:49 - 00001765 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
127.0.0.1 activate.adobe.com
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 lmlicenses.wip4.adobe.com lm.licenses.adobe.com na1r.services.adobe.com hlrcv.stage.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {06210127-F48C-4474-9745-9054711C91FA} - System32\Tasks\Intel_C_CVCV202503AB120BGN => C:\Program Files (x86)\Intel\Intel® SSD Toolbox\Intel SSD Toolbox.exe [2014-07-17] (Intel)
Task: {178385C4-18A1-47A7-8888-374E0AE927D9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {1C874548-015D-47AA-9589-E1653545F76E} - System32\Tasks\AdobeAAMUpdater-1.0-AbbaWin64-Abba => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {1F372133-D3A6-447A-9F9B-D8DFB7D49551} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24] (Google Inc.)
Task: {4C665AD5-B339-4752-9EA0-8733E1102F23} - System32\Tasks\{6180010F-BDF9-4B4E-B1F4-604B188C97BE} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.114/en/abandoninstall?page=tsMain
Task: {65AA4038-9DFA-42D9-8B12-ACF836F2B8F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24] (Google Inc.)
Task: {8E813BAF-A12D-4C05-9B68-2BD6D384E1C4} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {9A3FF7D8-AD12-4328-A0D2-21D902C29D05} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {A3228483-41EA-4F07-8DE6-C7F1431482B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-999577583-1692504744-3742257365-1000UA => C:\Users\Abba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-04] (Google Inc.)
Task: {A3F20E53-66E8-4C88-89F2-D4175A04B146} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {AC3D41FB-D56E-4C4C-B157-1F577887E978} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated)
Task: {B970B2D3-0765-436E-BFF1-27B25A1BF4C0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C8DDCD17-9138-40EC-865A-9D097DE7F52F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {CCBB91EC-2749-45EE-AE0C-53CDDE36AD60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-999577583-1692504744-3742257365-1000Core => C:\Users\Abba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-04] (Google Inc.)
Task: {CCFB281F-AA4D-4667-BF62-91FFA6FF7D38} - System32\Tasks\{82D0708B-D93E-48A7-A122-2C8766C4E815} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {FAE005A5-1AB6-43DC-B333-32196DFC401F} - System32\Tasks\{D17CA607-8618-41AD-BBB2-85DABECA7548} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {FD08FFD3-A401-41AF-BEFC-1018D36DEA8B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999577583-1692504744-3742257365-1000Core.job => C:\Users\Abba\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-999577583-1692504744-3742257365-1000UA.job => C:\Users\Abba\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-03-27 08:33 - 2012-03-27 08:33 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2014-02-26 23:40 - 2014-02-26 23:40 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2014-06-23 23:01 - 2008-05-26 18:15 - 00065536 _____ () C:\Program Files (x86)\Recaps\recaps.exe
2012-08-06 15:24 - 2012-08-06 15:24 - 00301760 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2011-07-16 13:38 - 2008-11-25 21:59 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-09-05 02:17 - 2013-09-05 02:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-13 01:36 - 2013-12-13 01:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-04-12 20:23 - 2013-04-12 20:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2011-01-31 11:45 - 2011-01-31 11:45 - 00559244 _____ () C:\Program Files (x86)\Linkman\sqlite3.dll
2013-09-05 02:14 - 2013-09-05 02:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-12 11:29 - 2014-06-12 11:29 - 01563200 _____ () C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.System.RT.dll
2014-10-05 23:24 - 2014-10-05 23:24 - 00043008 _____ () c:\users\abba\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp247vyq.dll
2013-08-23 22:01 - 2013-08-23 22:01 - 25100288 _____ () C:\Users\Abba\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-18 14:21 - 2014-02-18 14:21 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2012-05-12 21:41 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-01-03 16:10 - 2012-01-03 16:10 - 00249232 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\sqlite.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Abba\Desktop\PCO.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\20140131_075854[1].jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Aerial view Sunday Oct 7.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Aviva video.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Closeup aerial view Sunday Oct 7.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Divest.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Facebook-20140907-013112.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\image001.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Jerusalem apartment search map Heb).jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\junk.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Lev article.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Malmo.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Manu at colosseum.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Manu+Michael at Bali's wedding SML.JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\photo.JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Protest chart for Jac.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Route Sunday Oct 7.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Shalevs at wedding.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Spatial political map.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\temp.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\To Copernic.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Under the Chuppah SML.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\unnamed.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Why was Mum born so beautiful.mov:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Yossi TAU financial report Feb 2014.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\הצעה לקייטרינג .jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\משפחה.jpg:com.dropbox.attributes
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Abba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Google Chrome.lnk => C:\Windows\pss\Google Chrome.lnk.Startup
MSCONFIG\startupreg: APSDaemon => :"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXMediaServer => :C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => :"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DriverMax => :
MSCONFIG\startupreg: DriverMax_RESTART => :
MSCONFIG\startupreg: hddled.exe => :
MSCONFIG\startupreg: LangOver => :C:\Program Files (x86)\LangOver\LangOver.exe
MSCONFIG\startupreg: UpdatePDRShortCut => :"C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: VirtualCloneDrive => :"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 
========================= Accounts: ==========================
 
Abba (S-1-5-21-999577583-1692504744-3742257365-1000 - Administrator - Enabled) => C:\Users\Abba
Administrator (S-1-5-21-999577583-1692504744-3742257365-500 - Administrator - Disabled)
Guest (S-1-5-21-999577583-1692504744-3742257365-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-999577583-1692504744-3742257365-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 29%
Total physical RAM: 8182.37 MB
Available physical RAM: 5753.64 MB
Total Pagefile: 19091.91 MB
Available Pagefile: 16649.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (SSD_C) (Fixed) (Total:111.79 GB) (Free:39.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (Big_HDD) (Fixed) (Total:931.51 GB) (Free:405.8 GB) NTFS
Drive g: (Small_HDD) (Fixed) (Total:465.75 GB) (Free:269.55 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F1B8F1B8)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7C2C89B2)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: A2CBB01A)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

 



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:38 AM

Posted 05 October 2014 - 06:18 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   12.55KB   1 downloads

 

How is the machine running after running this fix?

 

 


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 buznog


Posted 06 October 2014 - 03:38 AM

Dear Bleepin' Fireman,

 

Thanks very much for your assistance.

 

Actually, it looks like something that I did before running the fix solved the problem with Chrome. But I decided to run the fix anyway since I saw from the fixlist that there were some things worth cleaning. However, I also saw some things that concerned me.

 

1. Before running the fix I deleted 4 lines from the fixlist that would have prevented my antivirus software (Panda) from automatically running in safe mode.

2. I prevented my hosts file (which lists hosts I have intentionally blocked) from being altered or deleted.

3. The fixlist referenced a number of harmless files (e.g. all of the graphics files in my downloads folder) which I deleted or moved before running the fix. Other files are shown in the fixlog as "moved". Where to?
 
The fixlog is pasted below. 
 
buznog
 
===============================================================================================================
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014
Ran by Abba at 2014-10-06 11:14:51 Run:1
Running from C:\0\Malware
Loaded Profile: Abba (Available profiles: Abba & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
BootExecute: autocheck autochk * OODBSPCloudBroom64.exe \systemroot\system32\BroomData.bit
URLSearchHook: HKCU - (No Name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - No File
Toolbar: HKLM-x32 - No Name - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} -  No File
Toolbar: HKCU - No Name - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
FF Extension: No Name - C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Abba restrored from old PC\Extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}-trash [2010-07-12]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-27]
FF HKCU\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files (x86)\copernic\desktopsearch4\firefoxconnector
FF Extension: Copernic Desktop Search - Search Firefox content - c:\program files (x86)\copernic\desktopsearch4\firefoxconnector [2014-07-31]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x64\Sandra.sys [X]
C:\Users\Abba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp247vyq.dll
C:\Users\Abba\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Abba\AppData\Local\Temp\Quarantine.exe
C:\Users\Abba\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Abba\AppData\Local\Temp\_isEDF5.exe
Task: {FD08FFD3-A401-41AF-BEFC-1018D36DEA8B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION 
2014-07-29 16:49 - 2014-07-29 16:49 - 00001765 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
127.0.0.1 activate.adobe.com
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 lmlicenses.wip4.adobe.com lm.licenses.adobe.com na1r.services.adobe.com hlrcv.stage.adobe.com
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Abba\Desktop\PCO.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\20140131_075854[1].jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Aerial view Sunday Oct 7.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Aviva video.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Closeup aerial view Sunday Oct 7.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Divest.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Facebook-20140907-013112.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\image001.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Jerusalem apartment search map Heb).jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\junk.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Lev article.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Malmo.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Manu at colosseum.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Manu+Michael at Bali's wedding SML.JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\photo.JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Protest chart for Jac.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Route Sunday Oct 7.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Shalevs at wedding.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Spatial political map.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\temp.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\To Copernic.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Under the Chuppah SML.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\unnamed.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Why was Mum born so beautiful.mov:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\Yossi TAU financial report Feb 2014.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\הצעה לקייטרינג .jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Abba\Downloads\משפחה.jpg:com.dropbox.attributes
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
MSCONFIG\startupreg: DriverMax => :
MSCONFIG\startupreg: DriverMax_RESTART => :  
 
 
*****************
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled => Moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp]" => Key not found.
"HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending]" => Key not found.
"HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot]" => Key not found.
"HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared]" => Key not found.
"HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => Key not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ad708c09-d51b-45b3-9d28-4eba2681febf} => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4A1C6093-14F9-44D7-860E-5D265CFCA9D9} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{4A1C6093-14F9-44D7-860E-5D265CFCA9D9}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4A1C6093-14F9-44D7-860E-5D265CFCA9D9} => value deleted successfully.
"HKCR\CLSID\{4A1C6093-14F9-44D7-860E-5D265CFCA9D9}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} => value deleted successfully.
"HKCR\CLSID\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}" => Key not found.
"HKCR\PROTOCOLS\Handler\belarc" => Key deleted successfully.
"HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}" => Key not found.
C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Abba restrored from old PC\Extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}-trash => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{b9aa91db-385d-4c69-8a2f-96790aa9405b} => value deleted successfully.
c:\program files (x86)\copernic\desktopsearch4\firefoxconnector => Moved successfully.
dgderdrv => Service deleted successfully.
NLNdisMP => Service deleted successfully.
NLNdisPT => Service deleted successfully.
pccsmcfd => Service deleted successfully.
SANDRA => Service deleted successfully.
"C:\Users\Abba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp247vyq.dll" => File/Directory not found.
C:\Users\Abba\AppData\Local\Temp\GLB1A2B.EXE => Moved successfully.
C:\Users\Abba\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Abba\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Abba\AppData\Local\Temp\_isEDF5.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD08FFD3-A401-41AF-BEFC-1018D36DEA8B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD08FFD3-A401-41AF-BEFC-1018D36DEA8B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => Key deleted successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
127.0.0.1 validation.sls.microsoft.com => Error: No automatic fix found for this entry.
127.0.0.1 activate.adobe.com => Error: No automatic fix found for this entry.
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com => Error: No automatic fix found for this entry.
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com => Error: No automatic fix found for this entry.
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com => Error: No automatic fix found for this entry.
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com => Error: No automatic fix found for this entry.
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net => Error: No automatic fix found for this entry.
127.0.0.1 lmlicenses.wip4.adobe.com lm.licenses.adobe.com na1r.services.adobe.com hlrcv.stage.adobe.com => Error: No automatic fix found for this entry.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Users\Abba\Desktop\PCO.jpg => ":com.dropbox.attributes" ADS removed successfully.
"C:\Users\Abba\Downloads\20140131_075854[1].jpg" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Aerial view Sunday Oct 7.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Aviva video.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Closeup aerial view Sunday Oct 7.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Divest.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Facebook-20140907-013112.jpg" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\image001.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Jerusalem apartment search map Heb).jpg" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\junk.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Lev article.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Malmo.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Manu at colosseum.jpg" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Manu+Michael at Bali's wedding SML.JPG" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\photo.JPG" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Protest chart for Jac.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Route Sunday Oct 7.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Shalevs at wedding.jpg" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Spatial political map.jpg" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\temp.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\To Copernic.png" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Under the Chuppah SML.jpg" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\unnamed.jpg" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Why was Mum born so beautiful.mov" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\Yossi TAU financial report Feb 2014.jpg" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\הצעה לקייטרינג .jpg" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Abba\Downloads\משפחה.jpg" => ":com.dropbox.attributes" ADS not found.
C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.
MSCONFIG\startupreg: DriverMax => : => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: DriverMax_RESTART => : => Error: No automatic fix found for this entry.
 
==== End of Fixlog ====


#8 fireman4it


Posted 07 October 2014 - 12:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



#9 fireman4it


Posted 07 October 2014 - 12:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





