Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop won't open programmes very slow virus suspected


  • This topic is locked This topic is locked
17 replies to this topic

#1 appreciateyourhelp

appreciateyourhelp

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:40 PM

Posted 07 October 2014 - 08:23 AM

Hi there, without going into a long-winded story, my laptop has had a lot of difficulty operating. It is EXTREMELY slow to start up and once it's up I cannot seem to open any programmes as it just takes too long.  I suspect a virus/trojan/worm of some description, and I've done the usual things like CHKDSK, disk clean up as explained in the "Slow Computer" guide etc. I only been able to perform tasks in Safe Mode with Networking as I am unable to do ANYTHING if I start up in normal mode. My ZoneAlarm Virus Scan & Updater has also been disabled, along with my Windows Firewall (which doesn't usually run when I have ZA running anyway).

 

Many thanks for anyone who can help me with this - my life & work is on this laptop!

 

I will post the following DDS tx log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.5.1
Run by Katalyst at 13:57:34 on 2014-10-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3002.1898 [GMT 1:00]
.
AV: ZoneAlarm Internet Security Suite Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Internet Security Suite Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Internet Security Suite Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_th36&r=27361010l255l04h4z1m5f46j2e440
mStart Page = www.google.com
uURLSearchHooks: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRunOnce: [Report] C:\AdwCleaner\AdwCleaner[S1].txt
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [UIExec] "C:\Program Files (x86)\Etisalat USB modem\UIExec.exe"
StartupFolder: C:\Users\Katalyst\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Katalyst\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Katalyst\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIDEOW~1.LNK - C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{48768BCB-7B09-4B09-97B3-4AAD65F16C8A} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{48768BCB-7B09-4B09-97B3-4AAD65F16C8A}\244584572633D225937373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{48768BCB-7B09-4B09-97B3-4AAD65F16C8A}\4777F6561627370207F63747 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{90BB4B1F-C197-4695-ABFC-1B0C52B489F4} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = www.google.com
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} -
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [ISW] <no file>
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Katalyst\AppData\Roaming\Mozilla\Firefox\Profiles\0pn47my3.default-1406820672526\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-5 55856]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-11-23 50976]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2012-11-25 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-8-18 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-8-18 54104]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-4-14 75304]
S1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-11-5 177760]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CrashPlanService;CrashPlan Backup Service;C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [2014-6-26 153088]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-14 325200]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-6-5 866336]
S2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-10-6 127752]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-14 13336]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-8-27 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-8-27 827560]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-23 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-23 860472]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-3-9 250368]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-6-10 39568]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-7-1 1141848]
S2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-6-10 23552]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\Etisalat USB modem\AssistantServices.exe [2013-6-28 269648]
S2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-4-14 243232]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [?]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-4-9 92176]
S3 Blackberry Device Manager;Blackberry Device Manager;"C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" --> C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [?]
S3 HuaweiWiMAXUSB;HuaweiWiMAXUSB Device driver;C:\Windows\System32\drivers\HuaweiWiMAXUSB.sys [2011-12-4 75264]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-21 111616]
S3 massfilter;MBB Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2013-6-28 11776]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-23 25816]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-23 122584]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-23 63704]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-14 27136]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-10-6 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-14 225280]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\System32\drivers\s0016bus.sys [2011-4-11 115240]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\System32\drivers\s0016mdfl.sys [2011-4-11 19496]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\System32\drivers\s0016mdm.sys [2011-4-11 158760]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0016mgmt.sys [2011-4-11 137256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\System32\drivers\s0016nd5.sys [2011-4-11 34344]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0016obex.sys [2011-4-11 136744]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\System32\drivers\s0016unic.sys [2011-4-11 151592]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;"C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" --> C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-11 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-28 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-10-07 12:50:06    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8562518-9780-4CBB-9ADD-E62AD7BF5DE8}\offreg.dll
2014-10-06 20:59:01    --------    d-----w-    C:\ProgramData\Startup Manager
2014-10-06 20:59:01    --------    d-----w-    C:\Program Files (x86)\Startup Manager
2014-10-06 20:23:52    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-10-06 19:51:56    --------    d-----w-    C:\Program Files\HitmanPro
2014-10-06 19:50:37    --------    d-----w-    C:\ProgramData\HitmanPro
2014-10-06 19:23:06    --------    d-----w-    C:\AdwCleaner
2014-10-06 18:06:41    11578928    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8562518-9780-4CBB-9ADD-E62AD7BF5DE8}\mpengine.dll
2014-10-06 18:03:17    --------    d-----w-    C:\Users\Katalyst\AppData\Local\VS Revo Group
2014-10-06 18:03:08    31800    ----a-w-    C:\Windows\System32\drivers\revoflt.sys
2014-10-06 18:03:08    --------    d-----w-    C:\ProgramData\VS Revo Group
2014-10-06 18:03:06    --------    d-----w-    C:\Program Files\VS Revo Group
2014-10-05 00:41:36    3675824    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-09-23 09:44:22    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-23 09:43:59    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-23 09:43:59    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-09-23 09:43:59    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-23 09:43:58    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-09-23 09:43:58    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 21:38:56    --------    d-----w-    C:\3c5d0a1a7868f742f7f7a06459
2014-09-15 21:33:00    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-09-15 21:32:59    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 16:36:06    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-10 16:36:05    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-09-10 16:36:05    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-10 16:36:05    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-09-10 16:36:05    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-09-10 16:35:09    578048    ----a-w-    C:\Windows\System32\aepdu.dll
2014-09-10 16:35:08    424448    ----a-w-    C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-09-15 08:06:02    278152    ------w-    C:\Windows\System32\MpSigStub.exe
2014-09-10 17:15:28    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 17:15:28    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-21 09:51:47    50976    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-07-25 14:02:12    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15    5824512    ----a-w-    C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47    4204032    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29    2087936    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49    2001920    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06    2266624    ----a-w-    C:\Windows\System32\wininet.dll
2014-07-25 10:05:23    1792512    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH: 13:59:51.55 ===============
 

Attached File  attach.txt   23.63KB   4 downloads



BC AdBot (Login to Remove)

 


#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:09:40 AM

Posted 08 October 2014 - 12:42 AM

Hello appreciateyourhelp,

Welcome to Bleeping Computer:welcome:
 
My name is Cody and I'll be helping you clean up your computer.

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

Farbar Recovery Scan Tool (FRST)

  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

Edited by TheShooter93, 08 October 2014 - 12:42 AM.

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 appreciateyourhelp

appreciateyourhelp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:40 PM

Posted 09 October 2014 - 06:58 AM

Hi Cody, thanks so much for helping  me out.

Here are the logs:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Katalyst (administrator) on KATALYST-PC on 09-10-2014 12:46:42
Running from C:\Users\Katalyst\Downloads
Loaded Profile: Katalyst (Available profiles: Katalyst)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-23] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-08-30] (Check Point Software Technologies)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [258560 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Etisalat USB modem\UIExec.exe [139088 2011-04-02] ()
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4872712 2014-10-07] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1503819887-52786958-1450333311-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1503819887-52786958-1450333311-1001\...\MountPoints2: {abd6e1b7-1eac-11e1-bdc2-88ae1d0d935b} - E:\StartSetup.exe
HKU\S-1-5-21-1503819887-52786958-1450333311-1001\...\MountPoints2: {abd6e1bd-1eac-11e1-bdc2-88ae1d0d935b} - E:\StartSetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk
ShortcutTarget: VideoWebCamera.exe.lnk -> C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe ()
Startup: C:\Users\Katalyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Katalyst\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Katalyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_th36&r=27361010l255l04h4z1m5f46j2e440
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
URLSearchHook: HKCU - (No Name) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - No File
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_enGB403GB403
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} -  No File
DPF: HKLM-x32 {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Katalyst\AppData\Roaming\Mozilla\Firefox\Profiles\0pn47my3.default-1406820672526
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.100 -> C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-01]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4791872 2014-10-07] (Emsisoft GmbH)
S2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [153088 2014-06-26] (Code 42 Software) [File not signed]
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [866336 2010-03-17] (Acer Incorporated)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-06] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827560 2012-08-30] (Check Point Software Technologies)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [52288 2011-03-01] (NOS Microsystems Ltd.)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
S2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-01] (RealNetworks, Inc.)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
S2 UI Assistant Service; C:\Program Files (x86)\Etisalat USB modem\AssistantServices.exe [269648 2011-08-25] ()
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
S2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 Sony Ericsson PCCompanion; "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [X]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
S1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
S1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-21] (AVG Technologies)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-10-07] ()
S3 HuaweiWiMAXUSB; C:\Windows\System32\DRIVERS\HuaweiWiMAXUSB.sys [75264 2010-03-03] (HUAWEI Communication)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-08-30] (Check Point Software Technologies)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-03-19] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-03-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-03-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-03-19] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2014-03-19] (Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2014-03-19] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [108296 2007-04-03] (MCCI Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 12:46 - 2014-10-09 12:47 - 00023319 _____ () C:\Users\Katalyst\Downloads\FRST.txt
2014-10-09 12:46 - 2014-10-09 12:46 - 00000000 ____D () C:\FRST
2014-10-09 12:44 - 2014-10-09 12:45 - 02109952 _____ (Farbar) C:\Users\Katalyst\Downloads\FRST64.exe
2014-10-07 23:39 - 2014-10-07 23:39 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-07 17:59 - 2014-10-07 17:59 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-10-07 14:26 - 2014-10-08 16:07 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-10-07 14:26 - 2014-10-07 14:26 - 00001063 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-07 14:26 - 2014-10-07 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-07 14:00 - 2014-10-07 14:04 - 00024199 _____ () C:\Users\Katalyst\Desktop\attach.txt
2014-10-07 14:00 - 2014-10-07 14:03 - 00025303 _____ () C:\Users\Katalyst\Desktop\dds.txt
2014-10-07 13:52 - 2014-10-07 13:53 - 00688992 ____R (Swearware) C:\Users\Katalyst\Downloads\dds.com
2014-10-07 13:51 - 2014-10-07 14:16 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Katalyst\Downloads\EmsisoftAntiMalwareSetup.exe
2014-10-07 13:48 - 2014-10-07 13:50 - 00001788 _____ () C:\Users\Katalyst\Desktop\Rkill.txt
2014-10-07 13:48 - 2014-10-07 13:48 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Katalyst\Downloads\rkill64.com
2014-10-07 13:41 - 2014-10-07 13:48 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Katalyst\Downloads\rkill.com
2014-10-07 13:40 - 2014-10-07 13:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-07 13:19 - 2014-10-07 13:19 - 01375089 _____ () C:\Users\Katalyst\Downloads\AdwCleaner(1).exe
2014-10-06 21:59 - 2014-10-06 22:00 - 00000000 ____D () C:\Program Files (x86)\Startup Manager
2014-10-06 21:59 - 2014-10-06 21:59 - 00000985 _____ () C:\Users\Katalyst\Desktop\Startup Manager.lnk
2014-10-06 21:59 - 2014-10-06 21:59 - 00000000 ____D () C:\ProgramData\Startup Manager
2014-10-06 21:59 - 2014-10-06 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Manager
2014-10-06 21:57 - 2014-10-06 21:57 - 01017888 _____ (Glenn Van Loon ) C:\Users\Katalyst\Downloads\StM_setup242-re.exe
2014-10-06 21:53 - 2014-10-06 21:53 - 01156136 _____ (Ruiware) C:\Users\Katalyst\Downloads\wpsetup.exe
2014-10-06 21:37 - 2014-10-06 21:37 - 00028998 _____ () C:\Users\Katalyst\Documents\HitmanPro_20141006_2137.log
2014-10-06 21:23 - 2014-10-06 21:23 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-10-06 20:51 - 2014-10-06 20:51 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-10-06 20:51 - 2014-10-06 20:51 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-06 20:50 - 2014-10-06 21:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-06 20:49 - 2014-10-06 20:50 - 11194928 _____ (SurfRight B.V.) C:\Users\Katalyst\Downloads\HitmanPro_x64.exe
2014-10-06 20:23 - 2014-10-07 13:23 - 00000000 ____D () C:\AdwCleaner
2014-10-06 20:22 - 2014-10-06 20:22 - 01375089 _____ () C:\Users\Katalyst\Downloads\AdwCleaner.exe
2014-10-06 19:03 - 2014-10-06 19:03 - 00001089 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-10-06 19:03 - 2014-10-06 19:03 - 00000000 ____D () C:\Users\Katalyst\AppData\Local\VS Revo Group
2014-10-06 19:03 - 2014-10-06 19:03 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-10-06 19:03 - 2014-10-06 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-10-06 19:03 - 2014-10-06 19:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-06 19:03 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-10-06 11:58 - 2014-10-06 11:58 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1503819887-52786958-1450333311-1001
2014-10-06 11:56 - 2014-10-06 11:56 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1503819887-52786958-1450333311-1001
2014-10-05 01:41 - 2014-10-05 01:41 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-23 22:37 - 2014-09-23 22:37 - 00010184 _____ () C:\bootsqm.dat
2014-09-23 10:44 - 2014-10-06 13:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 10:44 - 2014-09-23 10:44 - 00001074 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 10:44 - 2014-09-23 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 10:43 - 2014-09-23 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 10:43 - 2014-09-23 10:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-23 10:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 10:43 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-23 10:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-19 15:38 - 2014-09-19 15:49 - 00000000 _____ () C:\Users\Katalyst\AppData\Local\{7A6AB8E0-462C-44AC-BEBF-1F6DD0E383C3}
2014-09-15 22:38 - 2014-09-15 22:39 - 00000000 ____D () C:\3c5d0a1a7868f742f7f7a06459
2014-09-15 22:33 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-15 22:32 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 17:36 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 17:36 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 17:36 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 17:36 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 17:36 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 17:35 - 2014-09-05 03:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 17:35 - 2014-09-05 03:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 12:42 - 2014-07-15 17:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-09 12:38 - 2013-06-28 16:54 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-08 16:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-10-08 16:21 - 2012-07-01 09:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 16:07 - 2010-10-27 14:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-08 16:03 - 2010-10-27 14:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-08 15:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 15:51 - 2009-07-14 05:51 - 00164426 _____ () C:\Windows\setupact.log
2014-10-07 23:48 - 2010-06-05 15:44 - 02057501 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 23:42 - 2011-06-15 13:20 - 00000000 ___RD () C:\Users\Katalyst\Dropbox
2014-10-07 18:55 - 2011-06-15 13:18 - 00000000 ____D () C:\Users\Katalyst\AppData\Roaming\Dropbox
2014-10-07 18:55 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 18:55 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 18:29 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-07 17:47 - 2010-10-27 14:50 - 00000000 ____D () C:\Users\Katalyst\AppData\Roaming\CheckPoint
2014-10-07 17:39 - 2010-10-28 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-10-07 17:39 - 2010-10-28 16:46 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-10-07 13:25 - 2010-04-14 12:52 - 00708808 _____ () C:\Windows\PFRO.log
2014-10-07 05:29 - 2009-07-14 06:13 - 00792792 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-06 19:52 - 2010-04-14 12:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-06 19:45 - 2010-10-27 11:24 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-10-05 01:08 - 2011-04-15 11:24 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E8EC8316-59D0-4AD4-B2C4-64F64DFFD71C}
2014-10-05 00:53 - 2011-10-31 00:25 - 00000000 ____D () C:\Users\Katalyst\AppData\Local\ROUTE 66 Sync 9
2014-09-23 11:25 - 2012-08-31 13:32 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-09-22 20:30 - 2011-06-15 13:20 - 00001041 _____ () C:\Users\Katalyst\Desktop\Dropbox.lnk
2014-09-22 20:29 - 2011-06-15 13:19 - 00000000 ____D () C:\Users\Katalyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-22 19:26 - 2011-07-29 09:59 - 00431188 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-09-19 17:07 - 2014-07-31 14:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-19 17:07 - 2010-10-27 11:48 - 00000000 ____D () C:\Users\Katalyst\AppData\Local\Google
2014-09-15 22:39 - 2013-07-21 03:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 22:39 - 2010-10-28 11:39 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-15 22:32 - 2014-05-07 14:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-15 22:25 - 2010-04-14 12:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 22:14 - 2013-10-12 14:09 - 00000000 ____D () C:\Users\Katalyst\AppData\Local\FA3D3CEA-DF74-4760-BBE5-97CE105453C9.aplzod
2014-09-15 22:14 - 2010-10-27 15:36 - 00000000 ____D () C:\Users\Katalyst\Documents\Outlook Files
2014-09-15 09:06 - 2010-10-27 12:02 - 00278152 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-10 18:15 - 2012-07-01 09:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 18:15 - 2012-07-01 09:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 18:15 - 2011-12-23 14:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Katalyst\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpczmpao.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-22 21:57

==================== End Of Log ============================

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Katalyst at 2014-10-09 12:48:46
Running from C:\Users\Katalyst\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Internet Security Suite Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Emsisoft Anti-Malware (Disabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: ZoneAlarm Internet Security Suite Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Internet Security Suite Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.100 - NOS Microsystems Ltd.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.28 - Avanquest Software)
Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Callnote Premium version 2.0.0.53 (HKLM-x32\...\{048CD767-219E-4F04-AA84-3128F6A35948}_is1) (Version: 2.0.0.53 - Kandasoft)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.6.0.12 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.2.7 - Canon Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - Canon Inc.)
Canon MG3100 series On-screen Manual (HKLM-x32\...\Canon MG3100 series On-screen Manual) (Version:  - )
Canon MG3100 series User Registration (HKLM-x32\...\Canon MG3100 series User Registration) (Version:  - )
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.1.0.31 - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon RAW Codec (HKLM-x32\...\Canon RAW Codec) (Version: 1.8.0.68 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.5 (HKLM-x32\...\DPP) (Version: 3.5.2.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.5.1.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.0.0.3 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.4.2.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Canon Utilities WFT-E1/E2/E3/E4 Utility (HKLM-x32\...\WFTK) (Version: 3.3.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.2.1.31 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Cela.C.M (HKLM-x32\...\Cela.C.M) (Version: 300.001.010.050 - Huawei Technologies Co.,Ltd)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CrashPlan (HKLM-x32\...\{D49C4EF5-6FD0-4D0F-A378-065AF9917AD3}) (Version: 3.6.3 - Code 42 Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Digital Media Converter 3.1 (HKLM-x32\...\Digital Media Converter 3.0_is1) (Version:  - Deskshare Inc.)
Digital Media Converter 4.1 (HKLM-x32\...\Digital Media Converter 4.0_is1) (Version:  - Deskshare Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD-Cover Printmaster 1.4 (HKLM-x32\...\{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}) (Version: 1.4 - biu software)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Etisalat USB modem (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - ZTE)
FileZilla Client 3.7.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.2 - FileZilla Project)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.28.01 - Hyperionics Technology LLC)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.27.01 - Hyperionics Technology LLC)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.6 - Packard Bell)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MP3MyMP3 3.1 (HKLM-x32\...\MP3MyMP3_is1) (Version:  - Bruce McArthur)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{78f0cac1-eba2-4a31-8c0e-2596f1335acc}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.33.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Odboso FileRetrieval 1.9.2 (HKLM-x32\...\Odboso FileRetrieval_is1) (Version:  - Odboso, Inc.)
OpenOffice.org 3.2 (HKLM-x32\...\{09DF00E6-520C-49D5-B7E0-9612165CACA8}) (Version: 3.2.9502 - OpenOffice.org)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3003 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3002 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0414.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1517 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1517 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDFlite 0.8 (HKLM-x32\...\PDFlite) (Version: 0.8 - Amnis Technology Ltd)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.7.7 - )
pidgin-otr 3.2.0-1 (HKLM-x32\...\pidgin-otr) (Version: 3.2.0-1 - Cypherpunks CA)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuickTime MPEG2 (HKLM-x32\...\{12EAE4F0-8770-451C-B4AD-76B569678973}) (Version: 7.60.92.0 - Apple Inc.)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6074 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - Amnis Technology Ltd)
RescuePRO Deluxe 5.0 (HKLM-x32\...\{4EE63BCE-7D9C-40E0-B770-07C6181EF55C}_is1) (Version: 5.0 - LC Technology International, Inc.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Startup Manager 2.4.2 (HKLM-x32\...\Startup_Manager_is1) (Version: 2.4.2 - Glenn Van Loon)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Web Camera (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 2.0.3.3 - liteon)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VodBurner (HKLM-x32\...\{656957B8-41DB-4E43-AAA1-B128C2213D50}) (Version: 1.1.0 - Netralia)
Web Stream Recorder (HKLM-x32\...\{8AAD9D0F-567C-4F8C-A0DA-1AB5B1243F68}_is1) (Version: 2013 - Bolide Software)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.01.3002 - Packard Bell)
WIDCOMM Bluetooth Software 6.2.0.5800 (HKLM\...\{E464702F-5433-46EC-8F65-159276C0A54F}) (Version: 6.2.0.5800 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
YTD Video Downloader 4.8.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.2 - GreenTree Applications SRL)
ZoneAlarm Antivirus (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Internet Security Suite (HKLM-x32\...\ZoneAlarm Internet Security Suite) (Version: 13.1.211.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM-x32\...\ZoneAlarm Security Toolbar) (Version:  - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1503819887-52786958-1450333311-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Katalyst\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1503819887-52786958-1450333311-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Katalyst\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1503819887-52786958-1450333311-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katalyst\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1503819887-52786958-1450333311-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katalyst\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1503819887-52786958-1450333311-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katalyst\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1503819887-52786958-1450333311-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katalyst\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1503819887-52786958-1450333311-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katalyst\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1503819887-52786958-1450333311-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katalyst\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1503819887-52786958-1450333311-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katalyst\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1503819887-52786958-1450333311-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Katalyst\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1503819887-52786958-1450333311-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Katalyst\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {056DB602-7580-420E-989D-D8D2140CEF4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-31] (Google Inc.)
Task: {0A2FC40F-2A17-42CC-B769-E9F939990D46} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {24C33A76-F69D-4074-9E86-08670A855C41} - System32\Tasks\{6833612B-45FA-4DD7-83A2-05E5774A0D34} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {2BAA59C8-62A3-4055-A82C-A0E8101BA4A6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1503819887-52786958-1450333311-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {3534D410-0C24-4FE0-B5DC-4AFBF0393559} - System32\Tasks\{F5446F12-D631-4908-95AE-5F1790FBB750} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.370&amp;LastError=12002
Task: {7F7D23B6-6B61-4F43-8218-642D4595B162} - System32\Tasks\{5E518DFF-D2E2-4D71-A1B5-E145A71C78A9} => Chrome.exe
Task: {90F8F8A5-576C-4B58-BAD4-3F662C229C29} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1503819887-52786958-1450333311-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {957D5C86-9A77-4E58-801E-974C67C1CB86} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1503819887-52786958-1450333311-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-06-10] (RealNetworks, Inc.)
Task: {9F3ABD63-4321-4E79-88C5-ACDBC34DC59B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1503819887-52786958-1450333311-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A4D609DD-40B1-4AFB-A78D-CD8854195B2E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A8C6FF6D-AA65-4807-A1C1-429662AB9A39} - System32\Tasks\{3F03458F-714B-4F1A-93A7-70D77E5D6386} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {BF019CE8-8306-4B05-89F5-848AC29FB52F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-31] (Google Inc.)
Task: {DBE6531A-04EA-46EE-A0A9-096DF09D2157} - System32\Tasks\{9219E18C-D9DA-47DE-B9FD-CFAA673F1A85} => C:\program files (x86)\real\realplayer\RealPlay.exe [2014-07-01] (RealNetworks, Inc.)
Task: {DDD9A36A-CD63-497C-8F47-471B3FEA2079} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1503819887-52786958-1450333311-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {DE4C4437-BA85-4883-B1CE-3C5BB85A0444} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {EA70FEA4-9207-4B93-81FF-35F4228CDD36} - System32\Tasks\{F45C9AC8-D151-4828-940E-B0DCE255F116} => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
Task: {F47D3E56-D900-45C4-9F88-38D0615CB5FB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Katalyst\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-12-25 00:33 - 2013-12-25 00:33 - 01816576 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\update\UpdSdk.dll
2014-10-07 13:40 - 2014-10-07 13:40 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-01 16:55 - 2014-07-01 16:55 - 00573528 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KL1 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kl2 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnkCommon Startup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoWebCamera.exe.lnk => C:\Windows\pss\VideoWebCamera.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Users^Katalyst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Users^Katalyst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GrpConv => grpconv -o
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-1503819887-52786958-1450333311-500 - Administrator - Disabled)
Guest (S-1-5-21-1503819887-52786958-1450333311-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1503819887-52786958-1450333311-1006 - Limited - Enabled)
Katalyst (S-1-5-21-1503819887-52786958-1450333311-1001 - Administrator - Enabled) => C:\Users\Katalyst

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2014 03:58:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x8e0
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (10/08/2014 03:57:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rndlresolversvc.exe, version: 0.0.0.0, time stamp: 0x5397a7db
Faulting module name: rndlresolversvc.exe, version: 0.0.0.0, time stamp: 0x5397a7db
Exception code: 0xc0000005
Fault offset: 0x00003035
Faulting process id: 0x990
Faulting application start time: 0xrndlresolversvc.exe0
Faulting application path: rndlresolversvc.exe1
Faulting module path: rndlresolversvc.exe2
Report Id: rndlresolversvc.exe3

Error: (10/08/2014 03:55:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x8a0
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3

Error: (10/07/2014 11:41:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: a2wizard.exe, version: 9.0.0.4519, time stamp: 0x54257dc2
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00057e9c
Faulting process id: 0x13b0
Faulting application start time: 0xa2wizard.exe0
Faulting application path: a2wizard.exe1
Faulting module path: a2wizard.exe2
Report Id: a2wizard.exe3

Error: (10/07/2014 06:31:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xe98
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (10/07/2014 05:48:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xc70
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (10/07/2014 05:27:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x730
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (10/07/2014 00:17:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xaf4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (10/07/2014 11:50:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x7dc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (10/07/2014 11:06:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x564
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (10/09/2014 00:47:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/09/2014 00:47:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/09/2014 00:47:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/09/2014 00:47:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (10/09/2014 00:47:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/09/2014 00:47:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/09/2014 00:47:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/09/2014 00:46:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/09/2014 00:46:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/09/2014 00:46:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/08/2014 03:58:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a8e001cfe307ec5c588eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe9ef158c3-4efb-11e4-b841-88ae1d0d935b

Error: (10/08/2014 03:57:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rndlresolversvc.exe0.0.0.05397a7dbrndlresolversvc.exe0.0.0.05397a7dbc00000050000303599001cfe3080b55603eC:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe6a506c34-4efb-11e4-b841-88ae1d0d935b

Error: (10/08/2014 03:55:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd8a001cfe307da0d6312C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll276c00c1-4efb-11e4-b841-88ae1d0d935b

Error: (10/07/2014 11:41:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: a2wizard.exe9.0.0.451954257dc2ntdll.dll6.1.7601.18247521ea8e7c000000500057e9c13b001cfe254b28f5e2bC:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2wizard.exeC:\Windows\SysWOW64\ntdll.dll1e38b546-4e73-11e4-a0e0-88ae1d0d935b

Error: (10/07/2014 06:31:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8ae9801cfe2546e57961aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exebea8c7ff-4e47-11e4-a0e0-88ae1d0d935b

Error: (10/07/2014 05:48:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8ac7001cfe24e6a7edd0bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exebaaebbad-4e41-11e4-8d2d-88ae1d0d935b

Error: (10/07/2014 05:27:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd73001cfe24b7b3a9413C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllc6e7f750-4e3e-11e4-a58f-88ae1d0d935b

Error: (10/07/2014 00:17:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdaf401cfe2204602e227C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll9161b7fb-4e13-11e4-9d87-88ae1d0d935b

Error: (10/07/2014 11:50:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7dc01cfe21c7cb8fa51C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllc7bafa7a-4e0f-11e4-9f37-88ae1d0d935b

Error: (10/07/2014 11:06:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd56401cfe21642e0175aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll8cef4b27-4e09-11e4-9f37-88ae1d0d935b


CodeIntegrity Errors:
===================================
  Date: 2014-10-07 23:45:47.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 22:58:21.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 22:58:21.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 22:58:05.285
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 22:58:05.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 22:51:22.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 22:51:04.938
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:32:26.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:32:26.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:32:18.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 33%
Total physical RAM: 3001.97 MB
Available physical RAM: 2005.13 MB
Total Pagefile: 6002.13 MB
Available Pagefile: 5075.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:219.78 GB) (Free:50.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: DA8EEA4D)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:09:40 AM

Posted 09 October 2014 - 02:27 PM

Hello appreciateyourhelp,
 
Your DDS log isn't showing much, so let's do the following. 
 
If possible, please do these while in Windows normally. Otherwise, Safe Mode is fine.  :)

 

=============================================================
 
Event Viewer - CHKDSK Report

  • Please follow the instructions found here to retrieve the details of the CHKDSK you previously performed.
  • The timestamp of the CHKDSK you performed is: 07/10/2014 12:11:32
  • Copy and paste the contents of the CHKDSK report in your next post.

=============================================================
 
CHKDSK

  • Press and hold the Windows button + R on your keyboard.
  • In the Run box, type CMD and hit Enter.
  • In Command Prompt, type CHKDSK /r and hit Enter.
  • At the prompt, type Y and hit Enter.
  • Reboot the machine.
  • Let me know how this CHKDSK goes and the contents of any result messages you see.

=============================================================
 

FRST

 

Lastly, please do not forget about the FRST log I requested in my introductory post.   :)

=============================================================

What I'd like to see in your next post:    :thumbup2:

  • CHKDSK Report.
  • Run new CHKDSK.
  • FRST logs.

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#5 appreciateyourhelp

appreciateyourhelp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:40 PM

Posted 09 October 2014 - 05:40 PM

Hi Cody,

This is the only CHK DSK log that I could find that closely resembles the timestamp it's not exact but nearly:

 

Checking file system on \\?\Volume{45b6c0d1-70b0-11df-baf5-806e6f6e6963}
The type of the file system is NTFS.
Volume label is PQSERVICE.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  512 file records processed.                                          File verification completed.
  0 large file records processed.                                      0 bad file records processed.                                        0 EA records processed.                                              0 reparse records processed.                                       CHKDSK is verifying indexes (stage 2 of 3)...
  612 index entries processed.                                         Index verification completed.
  0 unindexed files scanned.                                           0 unindexed files recovered.                                       CHKDSK is verifying security descriptors (stage 3 of 3)...
  512 file SDs/SIDs processed.                                         Cleaning up 7 unused index entries from index $SII of file 0x9.
Cleaning up 7 unused index entries from index $SDH of file 0x9.
Cleaning up 7 unused security descriptors.
Security descriptor verification completed.
  51 data files processed.                                            CHKDSK is verifying Usn Journal...
  230432 USN bytes processed.                                             Usn Journal verification completed.
Windows has checked the file system and found no problems.

  13639153 KB total disk space.
  11160828 KB in 321 files.
       116 KB in 52 indexes.
         0 KB in bad sectors.
     67133 KB in use by the system.
     65536 KB occupied by the log file.
   2411076 KB available on disk.

      4096 bytes in each allocation unit.
   3409788 total allocation units on disk.
    602769 allocation units available on disk.

Internal Info:
00 02 00 00 81 01 00 00 6a 02 00 00 00 00 00 00  ........j.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

 

 

And I already sent you the FRST log as above plus the other one you asked for.

i am now running the new chskdsk and will post that next. thanks, Sharon.

 

 



#6 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:09:40 AM

Posted 09 October 2014 - 08:02 PM

Hello Sharon,

 

Thank you for getting me the CHKDSK and FRST logs. 

 

Will be waiting to hear how the new CHKDSK goes.  :thumbup2:


CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#7 appreciateyourhelp

appreciateyourhelp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:40 PM

Posted 10 October 2014 - 06:24 AM

Here 'tis ...:)

 

Checking file system on C:
The type of the file system is NTFS.
Volume label is Packard Bell.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x185155 for possibly 0x2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x1fc68 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 130152.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x3189c4 for possibly 0x2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x2cf66 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 184166.
  355072 file records processed.                                          File verification completed.
  1973 large file records processed.                                      0 bad file records processed.                                        0 EA records processed.                                              61 reparse records processed.                                       CHKDSK is verifying indexes (stage 2 of 5)...
  428946 index entries processed.                                         Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file WO30DA~1.MAN (130152) into directory file 14723.
Recovering orphaned file wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_fcb841e5ba70d1da.manifest (130152) into directory file 14723.
Recovering orphaned file WOB61A~1.MAN (135361) into directory file 14723.
Recovering orphaned file wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22379_none_fc86373dba95bd39.manifest (135361) into directory file 14723.
Recovering orphaned file WOC771~1.217 (139006) into directory file 8370.
Recovering orphaned file wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3 (139006) into directory file 8370.
Recovering orphaned file WO2D27~1.223 (169100) into directory file 8370.
Recovering orphaned file wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22379_none_fc86373dba95bd39 (169100) into directory file 8370.
Recovering orphaned file WOB437~1.MAN (172402) into directory file 14723.
Recovering orphaned file wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328.manifest (172402) into directory file 14723.
Recovering orphaned file WOB684~1.217 (173907) into directory file 8370.
Recovering orphaned file wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328 (173907) into directory file 8370.
Recovering orphaned file WOCBC9~1.MAN (184166) into directory file 14723.
Recovering orphaned file wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3.manifest (184166) into directory file 14723.
Recovering orphaned file WOE1AD~1.221 (248128) into directory file 8370.
Recovering orphaned file wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_fcb841e5ba70d1da (248128) into directory file 8370.
Recovering orphaned file WOW64_~3.222 (258402) into directory file 8370.
Recovering orphaned file wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_fcd1e4cbba5cfc7b (258402) into directory file 8370.
Recovering orphaned file WO8319~1.MAN (259264) into directory file 14723.
Recovering orphaned file wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_fcd1e4cbba5cfc7b.manifest (259264) into directory file 14723.
Recovering orphaned file WOBE3F~1.MAN (261289) into directory file 14723.
Recovering orphaned file wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_fc688f63baad32ee.manifest (261289) into directory file 14723.
  12 unindexed files scanned.                                         CHKDSK is recovering remaining unindexed files.
  1 unindexed files recovered.                                       CHKDSK is verifying security descriptors (stage 3 of 5)...
  355072 file SDs/SIDs processed.                                         Cleaning up 504 unused index entries from index $SII of file 0x9.
Cleaning up 504 unused index entries from index $SDH of file 0x9.
Cleaning up 504 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 130152.
Inserting data attribute into file 184166.
  36940 data files processed.                                            CHKDSK is verifying Usn Journal...
  37106376 USN bytes processed.                                             Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc0000185 at offset 0x14a66f8000 for 0x6000 bytes.
Read failure with status 0xc0000185 at offset 0x14a66fd000 for 0x1000 bytes.
Windows replaced bad clusters in file 334284
of name \PROGRA~3\CRASHP~1\log\SERVIC~1.0.
  355056 files processed.                                                 File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  13274872 free clusters processed.                                         Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the master file table's (MFT) BITMAP attribute.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 230453952 KB total disk space.
 176727964 KB in 233813 files.
    159188 KB in 36940 indexes.
         4 KB in bad sectors.
    467308 KB in use by the system.
     65536 KB occupied by the log file.
  53099488 KB available on disk.

      4096 bytes in each allocation unit.
  57613488 total allocation units on disk.
  13274872 allocation units available on disk.

Internal Info:
00 6b 05 00 ae 21 04 00 01 70 07 00 00 00 00 00  .k...!...p......
28 65 00 00 3d 00 00 00 00 00 00 00 00 00 00 00  (e..=...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
 


I also noticed on the FRST logs that there appears to be a LOT of errors ... ?!



#8 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:09:40 AM

Posted 10 October 2014 - 01:55 PM

Hello appreciateyourhelp,

 

I will be addressing other things soon, but first I need to know how your computer is doing.

 

Do you see any improvement after performing the latest CHKDSK?


CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#9 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:09:40 AM

Posted 10 October 2014 - 03:49 PM

Hi appreciateyourhelp,

 

In addition to my last post, I need to warn you of the following:

Windows replaced bad clusters in file 334284

The line above in your latest CHKDSK indicates a failing harddrive. I believe this report and the slowness you are experiencing are related.

 

I suggest you backup the information on that disk as soon as possible and look into the purchase of a replacement drive, or if the computer is still under warranty, to contact the computer manufacturer. Not replacing this disk may lead to irrecoverable data loss.

 

Let me know if you have any further questions.


CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#10 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:09:40 AM

Posted 14 October 2014 - 07:06 AM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.


CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#11 appreciateyourhelp

appreciateyourhelp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:40 PM

Posted 14 October 2014 - 07:08 AM

Hi Cory, apologies for the delay in responding - I am busy trying to finish a project. OK so my hard drive is failing that's bad, but not surprising. I did a Vista Complete PC backup not long before my computer started playing up, but on the external HD back up I'm pretty sure it says it's only 80GB when my hard drive on the PC has used up at least 150GB or something, so I wonder if if hasn't done a full back up, I want to make sure all my emails, photos, documents etc are backed up. I will attempt to do a manual file back up soon, but I fear that it will be impossible to do as the computer is so slow that it just won't work. I will try and check the external HD back up and see if it works on another laptop or something. I haven't had a chance to check how my laptop is running since the CHKDSK but will do so in the next couple of days. 

 

If I leave the laptop and don't use it until I attempt to back up my data will that be ok or should I just bite the bullet and take it to a PC repair place and get them to do a data recovery on it and then reset to factory default? Thanks.



#12 appreciateyourhelp

appreciateyourhelp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:40 PM

Posted 14 October 2014 - 07:09 AM

Cody - I mean! My Macbook is doing autocorrect on me .. I was just writing the previous post when you posted again … Do you think all the problems I'm having are because the HD is failing  or because of malware/worms/viruses etc or is the HD failing because of malware/trojans/viruses? If you see what I mean … ;)


Edited by appreciateyourhelp, 14 October 2014 - 07:11 AM.


#13 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:09:40 AM

Posted 14 October 2014 - 07:22 AM

If I leave the laptop and don't use it until I attempt to back up my data will that be ok or should I just bite the bullet and take it to a PC repair place and get them to do a data recovery on it and then reset to factory default?

 

Performing a factory reset will not repair the physical problems with your harddrive. The drive needs to be backed up and replaced.

 

Do you think all the problems I'm having are because the HD is failing  or because of malware/worms/viruses etc or is the HD failing because of malware/trojans/viruses?

 

I have not been able to find any malware on your computer. I suspect the cause of the slowness is due to your drive failing. Which again, you need to backup (if you find your previous backup is not complete) and replace the harddrive.


CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#14 appreciateyourhelp

appreciateyourhelp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:40 PM

Posted 14 October 2014 - 07:37 AM

OK thanks Cody.  I meant - I was thinking to do a Data Recovery if my back up doesn't work and then I meant replace the hard drive and then do a factory reset … but good to know that you don't think there are any viruses/malware.  In any respect I obviously need to urgently back everything up and replace HD.   thanks.



#15 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:09:40 AM

Posted 14 October 2014 - 07:55 AM

You're welcome. :)

 

Do you have any further questions?


CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users