
Replicating DLLHOST.EXE Virus Issue


  • This topic is locked
31 replies to this topic

#1 gfr4567

gfr4567

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:36 PM

Posted 23 October 2014 - 09:04 AM

Good Morning Everyone:
 
I've browsed on your forum as a guest in the past and have been impressed with a lot of the help provided here. Now, the time has come where I need to create a post and ask for help with an issue I'm having.
 
 
 
I've been researching my issue and have been following the following help provided in this thread: http://www.bleepingcomputer.com/forums/t/551328/infected-with-replicating-dllhostexe-virus/
 
I have the same issue noted in this thread. When connected to the internet, my computer slows to a very lethargic pace. When monitoring the processes tab of Task Manager, I notice multiple dllhost.exe *32 hogging all of my usage. This is the culprit of the slowness. If I end these processes, my computer immediately speeds back up. I would like to take care of the issue.
 
Here are the steps I've taken so far:
 
- I've downloaded the latest version of Farbar Recovery Scan Tool and have saved it to my Desktop.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- The Scan process has completed and both the FRST.txt and Addition.txt files were created.
- I have downloaded the following file =>  fixlist.txt   1.5KB and have saved it to my Desktop. Both the FRST and fixlist.txt files are now on my Desktop.
- I've pressed the Fix button on FRST.
 
The FRST Fix has been running for 20 hours now. Is this normal for it to take this long to run? When attempting to simply move the FRST window on my screen, the program is "Not Responding" momentarily, but then always stops "Not Processing" and continues processing. How much time does this program need to run?
 
Thanks

Edited by Queen-Evie, 23 October 2014 - 09:22 AM.
moved from Vista to the appropriate forum



#2 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:36 PM

Posted 23 October 2014 - 09:10 AM

Hello, 
 
Unfortunately, you may have exacerbated the issue. 
 
It would have been prudent to consider the following point in the helper's opening post. 

Instructions that I give are for your system only!

 

The instructions issued to that user were for his machine, and his machine only. Carrying out instructions issued to others is dangerous, and could render your machine unbootable. 
 
If FRST is still running, please close the programme. 
I will request this topic be moved to the appropriate section, and issue instructions once done.

 

Please hang fire for now. 


Edited by LiquidTension, 23 October 2014 - 09:11 AM.


#3 gfr4567

gfr4567
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:36 PM

Posted 23 October 2014 - 09:12 AM

To further note, I'm currently disconnected from the Internet on the computer running Farbar. The reason for this is that my computer will slow to such a slow pace when connected to the internet due to the replicating dllhost.exe processes, that the computer will eventually crash. When I read more about what Farbar does, I'm concerned I may need to be connected to the Internet while this runs.


Thanks for the reply Liquid - I will stop the process now.



#4 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:36 PM

Posted 23 October 2014 - 09:40 AM

Hello gfr4567, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
     

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please delete your copy of FRST (right-click + Delete). 
  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt

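An added example, not code from this thread or from Farbar: a small Python triage helper that walks FRST.txt-style lines and collects the entries a malware helper reads first. FRST's own markers ("<==== Poweliks!", "<======= ATTENTION", "[X]" for a missing file, "[File not signed]") are real; treating an unsigned binary with an empty publisher "()" as worth a look is this example's heuristic, and the sample log, SID, CLSID and vendor names are constructed placeholders.

```python
# FRST.txt triage helper.  Added example, not code from this thread or from
# Farbar: it walks FRST-style log lines and returns the entries a malware
# helper reads first.  FRST's own markers ("<==== Poweliks!", "ATTENTION",
# "[X]" for a missing file, "[File not signed]") are real; combining
# "unsigned" with an empty publisher "()" is this example's own heuristic.
import re
from dataclasses import dataclass

FRST_MARKERS = ("<==== Poweliks!", "<======= ATTENTION")

# "==================== Services (Whitelisted) =================" -> section name
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Service/driver row: "<state> <name>; <path> [<size> <date>] (<company>) [<flag>]"
SERVICE_RE = re.compile(
    r"^[RSU]\d \S.*?; (?P<path>.+?)"
    r"(?: \[\d+ [\d-]+\])?(?: \((?P<company>.*?)\))?(?: \[(?P<flag>[^\]]+)\])?$"
)
# Process row: "(<company>) <path>"
PROCESS_RE = re.compile(r"^\((?P<company>.*?)\) (?P<path>.+)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_frst(log_text: str) -> list[Finding]:
    """Return the FRST entries worth a second look, in log order."""
    findings: list[Finding] = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            continue
        # Anything FRST itself flagged is reported regardless of section.
        marker = next((m for m in FRST_MARKERS if m in line), None)
        if marker:
            findings.append(Finding(section, f"FRST marker {marker}", line))
            continue
        if section.startswith(("Services", "Drivers")):
            svc = SERVICE_RE.match(line)
            if not svc:
                continue
            if line.endswith("[X]"):
                findings.append(Finding(section, "registered but file missing", line))
            elif svc.group("flag") == "File not signed" and not svc.group("company"):
                findings.append(Finding(section, "unsigned, no publisher", line))
        elif section.startswith("Processes"):
            proc = PROCESS_RE.match(line)
            if proc and not proc.group("company"):
                findings.append(Finding(section, "running process with no publisher", line))
    return findings


# Constructed sample in FRST's layout; SID, CLSID, vendor and script body are placeholders.
SAMPLE_FRST_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\ExampleVendor\PassThruSvr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-0-0-0-1000\...{CLSID-PLACEHOLDER}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";<script body omitted> <==== Poweliks!
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 Sysevnt; C:\Windows\SysWOW64\argsvc.dll [71680 2012-05-18] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [450904 2014-09-18] (Garmin Ltd or its subsidiaries)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2009-10-12] () [File not signed]
S1 qknfd; system32\drivers\qknfd.sys [X]
"""

if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run against a real FRST.txt it only narrows what to read; every hit still needs a human to decide whether the entry is legitimate software or not.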

#5 gfr4567

gfr4567
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:36 PM

Posted 23 October 2014 - 11:35 AM

Hi Adam, thank you very much for the help. Please call me James.

 

I've completed your instructions.

 

Here is the FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by James (administrator) on JAMES-PC on 23-10-2014 12:32:59
Running from C:\Users\James\Desktop
Loaded Profile: James (Available profiles: James & Mcx1 & Mcx2)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3428301087-2658185985-2608877242-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3428301087-2658185985-2608877242-1000\...\MountPoints2: {279a45f2-a885-11de-8b52-00248c137a98} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3428301087-2658185985-2608877242-1000\...\MountPoints2: {3c185330-4cc2-11e3-8d06-00248c137a98} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3428301087-2658185985-2608877242-1000\...\MountPoints2: {804eb634-b742-11de-8d98-00248c137a98} - J:\SETUP.EXE
HKU\S-1-5-21-3428301087-2658185985-2608877242-1000\...\MountPoints2: {bbdf4061-111c-11e4-95ac-00248c137a98} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-3428301087-2658185985-2608877242-1000\...\MountPoints2: {ddb88d99-954b-11e0-924b-00248c137a98} - K:\LaunchU3.exe -a
HKU\S-1-5-21-3428301087-2658185985-2608877242-1000\...\MountPoints2: {fc5e3cb4-4ce9-11e3-a4f0-806e6f6e6963} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3428301087-2658185985-2608877242-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BootExecute: autocheck autochk * lsdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0CA19F08-F02D-43A4-A120-8019F3D68C3C} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {0CA19F08-F02D-43A4-A120-8019F3D68C3C} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {54A0B481-D8CF-4D52-9A62-36854FEB774D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKLM-x32 - {0CA19F08-F02D-43A4-A120-8019F3D68C3C} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {54A0B481-D8CF-4D52-9A62-36854FEB774D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {3CC636A9-21D7-4BFF-BAD5-A7069B5EC84C} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
SearchScopes: HKCU - {3CC636A9-21D7-4BFF-BAD5-A7069B5EC84C} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
SearchScopes: HKCU - {54A0B481-D8CF-4D52-9A62-36854FEB774D} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: HKLM-x32 {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.233.217.2 64.233.217.3

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF DefaultSearchUrl: http://websearch.allsearches.info/?pid=3458&r=2014/10/13&hid=17613164758952316149&lg=EN&cc=US&unqvl=64&l=1&q=
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF Keyword.URL: hxxp://websearch.allsearches.info/?pid=3458&r=2014/10/13&hid=17613164758952316149&lg=EN&cc=US&unqvl=64&l=1&q=
FF Homepage: hxxp://websearch.allsearches.info/?pid=3458&r=2014/10/13&hid=17613164758952316149&lg=EN&cc=US&unqvl=64
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF user.js: detected! => C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
FF Extension: PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default\Extensions\facepad@lazyrussian.com [2011-01-14]
FF Extension: Lavasoft Search Plugin - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-05-05]
FF Extension: BetterLinks - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default\Extensions\smartlinks@getsmartlinks.com [2011-08-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-25]
FF Extension: Save now - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default\Extensions\50a07c16be939@50a07c16be973.com.xpi [2012-11-12]
FF Extension: Easy YouTube Video Downloader - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012-06-02]
FF Extension: Adblock Plus - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-16]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-04]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\yq926b8t.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GOSAvEE) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\enbnkjggommaianggidbnedlhmkpdgem [2014-10-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-01-23] (Macrovision Europe Ltd.) [File not signed]
S4 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [450904 2014-09-18] (Garmin Ltd or its subsidiaries)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-02] (Nero AG)
S4 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-12] ()
R2 Sysevnt; C:\Windows\SysWOW64\argsvc.dll [71680 2012-05-18] () [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-05-27] (LG Electronics Inc.)
S3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2014-08-21] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2014-07-10] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [119888 2014-07-10] (BitDefender LLC)
S3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [287744 2008-09-10] (Conexant Systems, Inc.)
R3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2013-02-04] (GEAR Software Inc.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38456 2013-02-11] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-05] (GFI Software)
S3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1486336 2008-09-10] (Conexant Systems, Inc.)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2009-09-23] (Lavasoft AB)
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-07-21] (NVIDIA Corporation)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2009-10-12] () [File not signed]
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 vvftav; C:\Windows\System32\drivers\vvftav.sys [300800 2007-02-02] (Vimicro Corporation) [File not signed]
S3 ZSMC0305; C:\Windows\System32\Drivers\usbVM305.sys [1541120 2007-03-08] (Vimicro Corporation) [File not signed]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-10-21] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U2 NPF; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]
S3 PSSdk23; \??\C:\Windows\system32\Drivers\PsSdk23.drv [X]
S3 PsSdk30WOW64; \??\C:\Windows\SysWOW64\Drivers\PsSdk30.drv [X]
S1 qknfd; system32\drivers\qknfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVCx32: Sysevnt -> C:\Windows\SysWOW64\argsvc.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 12:32 - 2014-10-23 12:33 - 00024205 _____ () C:\Users\James\Desktop\FRST.txt
2014-10-23 12:32 - 2014-10-23 12:32 - 02112000 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2014-10-22 18:41 - 2014-10-23 12:33 - 00000000 ____D () C:\FRST
2014-10-22 08:36 - 2014-10-22 08:36 - 00002166 _____ () C:\Users\James\Desktop\Ad-Aware Antivirus.lnk
2014-10-22 08:14 - 2014-10-22 08:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 08:13 - 2014-10-22 08:13 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 08:13 - 2014-10-22 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 08:13 - 2014-10-22 08:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-22 08:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-22 08:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-22 08:09 - 2014-10-22 08:09 - 00000000 ____D () C:\Users\James\AppData\Roaming\Systweak
2014-10-19 21:26 - 2014-10-22 18:33 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3428301087-2658185985-2608877242-1000
2014-10-19 21:26 - 2014-10-22 18:33 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3428301087-2658185985-2608877242-1000
2014-10-19 01:30 - 2014-10-19 01:30 - 00000000 ____D () C:\Users\James\AppData\Roaming\Lavasoft
2014-10-19 00:58 - 2014-10-19 00:58 - 00000000 ____D () C:\ProgramData\BitDefender
2014-10-19 00:51 - 2014-07-10 14:09 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2014-10-19 00:51 - 2014-07-10 14:08 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2014-10-19 00:51 - 2014-07-10 14:08 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2014-10-19 00:51 - 2014-07-10 14:08 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2014-10-19 00:51 - 2014-07-10 14:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-10-19 00:51 - 2014-07-10 14:08 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2014-10-19 00:51 - 2014-07-10 14:08 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2014-10-19 00:51 - 2014-07-10 14:08 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2014-10-19 00:50 - 2014-10-19 21:27 - 00002166 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus.lnk
2014-10-19 00:50 - 2014-10-19 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-19 00:47 - 2014-10-19 00:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-10-19 00:42 - 2014-10-19 00:42 - 00000000 ____D () C:\Program Files\Lavasoft
2014-10-19 00:41 - 2014-10-19 00:41 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-19 00:38 - 2014-10-19 00:38 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-10-18 23:08 - 2014-10-18 23:08 - 00000000 ____D () C:\Users\James\AppData\Local\Adobe
2014-10-18 20:43 - 2014-10-18 20:43 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-18 20:43 - 2014-10-18 20:43 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-18 20:43 - 2014-10-18 20:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-18 20:43 - 2014-10-18 20:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-18 20:43 - 2014-10-18 20:43 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-18 20:43 - 2014-10-18 20:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-18 20:43 - 2014-10-18 20:43 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-18 20:43 - 2014-10-18 20:43 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-18 20:43 - 2014-10-18 20:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-18 20:43 - 2014-10-18 20:43 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-18 20:43 - 2014-10-18 20:43 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-18 20:43 - 2014-10-18 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-18 20:43 - 2014-10-18 20:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-16 03:17 - 2014-09-27 19:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 03:17 - 2014-09-17 02:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 03:17 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 03:11 - 2014-06-15 18:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 03:11 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 03:11 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 03:11 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 03:11 - 2014-06-13 13:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 03:11 - 2014-06-13 13:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 03:10 - 2014-09-04 19:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-12 22:22 - 2014-10-22 08:35 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-10-12 22:22 - 2014-10-19 21:18 - 00000000 ____D () C:\ProgramData\GoSAvie
2014-10-12 22:21 - 2014-10-19 01:35 - 00000000 ____D () C:\Program Files (x86)\GoSAvie
2014-10-12 22:21 - 2014-10-12 22:22 - 00000000 ____D () C:\ProgramData\5ba160fa1af948d3
2014-10-12 22:21 - 2014-10-12 22:21 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Mcx2\AppData\Local\Torch
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Mcx2\AppData\Local\Google
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Mcx2\AppData\Local\Comodo
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Mcx2\AppData\Local\Chromatic Browser
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Mcx1\AppData\Local\Torch
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Mcx1\AppData\Local\Google
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Mcx1\AppData\Local\Comodo
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Mcx1\AppData\Local\Chromatic Browser
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\James\AppData\Local\Torch
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\James\AppData\Local\Comodo
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\James\AppData\Local\Chromatic Browser
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Guest
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-12 22:21 - 2014-10-12 22:21 - 00000000 ____D () C:\Users\Administrator
2014-10-06 22:00 - 2014-10-18 21:34 - 00000000 ___RD () C:\Users\James\Dropbox
2014-10-06 22:00 - 2014-10-06 22:00 - 00000983 _____ () C:\Users\James\Desktop\Dropbox.lnk
2014-10-06 21:59 - 2014-10-06 21:59 - 00000000 ____D () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-06 21:59 - 2014-10-06 21:59 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2014-10-06 21:58 - 2014-10-18 21:22 - 00000000 ____D () C:\Users\James\AppData\Roaming\Dropbox
2014-10-04 16:39 - 2014-10-04 16:39 - 00000000 ____D () C:\Users\James\AppData\Local\Garmin
2014-10-04 16:36 - 2014-10-04 16:41 - 00000000 ____D () C:\Users\James\AppData\Roaming\Garmin
2014-10-04 16:36 - 2014-10-04 16:36 - 00000000 ____D () C:\Program Files\DIFX
2014-10-04 16:34 - 2014-10-04 16:39 - 00000000 ____D () C:\ProgramData\Garmin
2014-10-04 16:34 - 2014-10-04 16:35 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-10-04 16:34 - 2014-10-04 16:34 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-10-04 16:34 - 2014-10-04 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-10-04 11:08 - 2014-10-04 11:08 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-10-04 11:08 - 2014-10-04 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-09-23 20:21 - 2014-09-09 02:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:21 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 12:29 - 2009-03-09 02:07 - 01673271 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 12:28 - 2014-09-13 15:43 - 00002870 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_James
2014-10-23 12:28 - 2014-09-13 15:43 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_James.job
2014-10-23 12:14 - 2012-04-20 17:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 12:09 - 2010-09-26 18:58 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 12:02 - 2012-05-21 23:55 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3428301087-2658185985-2608877242-1000UA.job
2014-10-23 11:58 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 11:58 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 07:02 - 2012-05-21 23:55 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3428301087-2658185985-2608877242-1000Core.job
2014-10-22 22:09 - 2010-09-26 18:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 19:57 - 2014-09-13 15:43 - 00000376 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_James.job
2014-10-22 19:57 - 2009-12-06 12:38 - 00183676 _____ () C:\aaw7boot.log
2014-10-22 19:57 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 19:55 - 2006-11-02 11:42 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-22 18:30 - 2008-01-20 23:26 - 00565956 _____ () C:\Windows\PFRO.log
2014-10-22 08:35 - 2006-11-02 09:33 - 00000000 __RSD () C:\Windows\Media
2014-10-22 08:33 - 2014-03-11 18:04 - 00000000 ____D () C:\Users\James\AppData\Roaming\UpdaterEX
2014-10-22 08:33 - 2014-02-04 20:29 - 00000000 ____D () C:\Program Files\Conduit
2014-10-22 08:33 - 2013-05-12 14:18 - 00000000 ____D () C:\Users\James\AppData\Local\Conduit
2014-10-22 08:33 - 2013-05-12 14:18 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-10-22 08:33 - 2013-05-05 22:06 - 00000000 ____D () C:\ProgramData\Search Protection
2014-10-22 08:13 - 2009-12-11 16:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 18:18 - 2009-10-18 10:13 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-10-21 00:34 - 2011-05-31 21:47 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B07BC19F-56D5-4664-A83D-51C8AA34D4CB}
2014-10-19 23:52 - 2014-09-22 08:03 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3428301087-2658185985-2608877242-1000
2014-10-19 23:52 - 2014-09-22 08:03 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3428301087-2658185985-2608877242-1000
2014-10-19 21:24 - 2013-11-14 01:30 - 00000000 ____D () C:\Users\James\AppData\Local\HTC MediaHub
2014-10-19 21:18 - 2013-11-14 00:54 - 00000000 ____D () C:\Temp
2014-10-19 15:11 - 2014-09-13 15:43 - 00002874 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_James
2014-10-19 15:11 - 2014-09-13 15:43 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_James.job
2014-10-19 04:19 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-10-19 01:36 - 2006-11-02 08:46 - 00765776 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 00:51 - 2009-06-06 00:13 - 00000000 ____D () C:\Users\James
2014-10-19 00:47 - 2006-11-02 11:27 - 00157291 _____ () C:\Windows\setupact.log
2014-10-18 22:35 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-10-18 21:34 - 2009-12-12 01:40 - 00000000 ____D () C:\Windows\pss
2014-10-18 21:23 - 2009-03-06 11:53 - 00003580 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-10-18 21:16 - 2006-11-02 09:33 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-10-18 21:16 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-18 20:44 - 2011-05-31 21:30 - 00005660 _____ () C:\Windows\IE9_main.log
2014-10-18 20:44 - 2006-11-02 08:16 - 00008798 _____ () C:\Windows\SysWOW64\icrav03.rat
2014-10-18 20:44 - 2006-11-02 08:16 - 00001988 _____ () C:\Windows\SysWOW64\ticrf.rat
2014-10-18 20:44 - 2006-11-02 02:36 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2014-10-18 20:44 - 2006-11-02 02:36 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2014-10-17 19:54 - 2013-05-12 14:20 - 00000000 ____D () C:\Users\James\AppData\Roaming\vlc
2014-10-17 18:12 - 2009-09-20 16:18 - 00000000 ____D () C:\Users\James\AppData\Roaming\uTorrent
2014-10-16 03:39 - 2006-11-02 11:21 - 02335088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:14 - 2009-07-02 19:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 03:10 - 2013-08-13 23:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:01 - 2006-11-02 08:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-15 13:25 - 2009-10-21 16:55 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-12 22:21 - 2010-09-26 18:58 - 00000000 ____D () C:\Users\James\AppData\Local\Google
2014-10-12 22:21 - 2010-09-26 18:58 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-12 22:21 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-04 16:38 - 2014-09-14 18:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-02 15:53 - 2009-10-03 10:40 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-28 19:22 - 2011-10-18 21:11 - 00000000 ____D () C:\Users\James\Documents\Houses
2014-09-24 01:14 - 2012-04-20 17:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 01:14 - 2012-04-20 17:14 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 01:14 - 2011-05-29 19:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-23 08:24

==================== End Of Log ============================

Here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
Ran by James at 2014-10-23 12:33:52
Running from C:\Users\James\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 1.8.4 - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.0.19480 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version:  - )
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Citrix online plug-in (DV) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Citrix online plug-in (PNA) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (SSON) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2111 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2111 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: 1.0.9.2 - Hewlett-Packard)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
FL Studio 9 (HKLM-x32\...\FL Studio 9) (Version:  - Image-Line)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{A652C696-8733-4681-820C-95465A19512B}) (Version: 6.2.1.618 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.0.0.128 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{447c27b7-3a63-4cb2-a49c-864050f9a50f}) (Version: 3.2.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoSAvie (HKLM-x32\...\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}) (Version: 3.0.0.1715 - ) <==== ATTENTION
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.4976.17 - PC-Doctor, Inc.)
HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{64B9E2F5-558E-4C56-B419-A1679518F6E7}) (Version: 5.7.0.2784 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2401 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.0.2401 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2217 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2217 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP Picasso Media Center Add-In (x32 Version: 9.1.7.0 - Hewlett-Packard Development Company, L.P.) Hidden
HP Recovery Manager RSS (x32 Version: 91.0.0.10 - Hewlet Packard Company) Hidden
HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5106.2815 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{368E4EF8-E840-40EE-A224-50B8D1DC2B12}) (Version: 2.4.36.0 - HTC)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.5.1 (build 106) - Red Egg Software)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
InstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - )
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.15.36013 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 7.1.15.25271 - Juniper Networks)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.18.20140626 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{15A5D29A-F209-49FD-BA47-5E4C882FF496}) (Version: 3.12.1.0 - LG Electronics)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{4FAB5122-775E-4418-B8D9-E2873BC93570}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)
muvee Reveal (HKLM-x32\...\{19506BDB-4EA7-491F-E8AB-E97109FDB296}) (Version: 7.0.35.7315 - muvee Technologies Pte Ltd)
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C737440}) (Version: 3.36.0 - dotPDN LLC)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.2.36204 - Grinding Gear Games)
PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.0.0 - Conexant Systems)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.7 - Hewlett-Packard Company)
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2112 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2112 - CyberLink Corp.) Hidden
PowerDirector (Version: 11.0 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5708 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
TheMatrix Screen Saver version 1.14 (HKLM-x32\...\{23FBECC1-FA31-472A-83FB-27520B81EC3A}_is1) (Version: 1.14 - Meticulous Software)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.601  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 12.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}) (Version: 12.1.8497 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}\localserver32 -> C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE (Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\James\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\James\AppData\Local\Temp\457738.exe No File
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3428301087-2658185985-2608877242-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\James\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

26-09-2014 04:00:04 Scheduled Checkpoint
27-09-2014 04:00:04 Scheduled Checkpoint
28-09-2014 04:00:04 Scheduled Checkpoint
29-09-2014 04:00:15 Scheduled Checkpoint
30-09-2014 04:00:03 Scheduled Checkpoint
30-09-2014 05:58:31 Windows Update
01-10-2014 04:00:04 Scheduled Checkpoint
04-10-2014 20:30:53 Garmin Express
04-10-2014 20:31:58 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
04-10-2014 20:35:55 Device Driver Package Install: Silicon Labs Software Universal Serial Bus controllers
04-10-2014 20:36:31 Device Driver Package Install: Dynastream Innovations, Inc.
07-10-2014 05:59:13 Windows Update
13-10-2014 03:44:42 Scheduled Checkpoint
14-10-2014 23:53:18 Scheduled Checkpoint
15-10-2014 05:50:26 Windows Update
16-10-2014 07:00:32 Windows Update
17-10-2014 05:00:33 Scheduled Checkpoint
17-10-2014 23:39:31 Removed Compatibility Pack for the 2007 Office system
18-10-2014 04:25:50 Windows Modules Installer
19-10-2014 00:39:55 Windows Update
19-10-2014 04:38:59 AA11
22-10-2014 04:48:16 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2013-03-16 14:47 - 00006936 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.guitar-pro.com
127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 3dns-3.adobe.com #192.150.14.21
127.0.0.1 3dns-4.adobe.com #192.150.18.247
127.0.0.1 3dns-5.adobe.com #192.150.22.46
127.0.0.1 adobe-dns.adobe.com #192.150.11.30
127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
127.0.0.1 adobe.activate.com #69.175.22.26
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 activate.wip3.adobe.com #192.150.22.40
127.0.0.1 activate.wip4.adobe.com #192.150.22.40
127.0.0.1 activate-sea.adobe.com #192.150.22.40
127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
127.0.0.1 ereg.adobe.com #192.150.18.103
127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
127.0.0.1 practivate.adobe.com #192.150.18.54
127.0.0.1 www.wip3.adobe.com #192.150.8.60
127.0.0.1 www.wip4.adobe.com #192.150.18.200
127.0.0.1 www.adobeereg.com #75.125.24.83
127.0.0.1 adobeereg.com #207.66.2.10
127.0.0.1 hl2rcv.adobe.com #192.150.14.174
127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
127.0.0.1 wwis-dubc1-vip33.adobe.com #192.150.8.33
127.0.0.1 wwis-dubc1-vip34.adobe.com #192.150.8.34
127.0.0.1 wwis-dubc1-vip35.adobe.com #192.150.8.35

There are 89 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0C32FFF1-F0DA-4E0C-B1EE-214E41B6F9F4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3428301087-2658185985-2608877242-1000Core => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {2501506C-8C18-4009-8293-CA6225DDA01D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {3BDF3D6A-FFB3-4839-B5DE-BA5F8E0BAEA7} - System32\Tasks\ReclaimerUpdateXML_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {3D591D17-63E1-48F7-A453-74E7667F834B} - System32\Tasks\HPCeeScheduleForAdministrator => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-09-16] (Hewlett-Packard)
Task: {4C8325B8-18E2-44B4-B548-62C7B249E81F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {5A969917-9492-463E-A763-ED79AF5162FC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3428301087-2658185985-2608877242-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {69DFD55A-4DA3-4CD4-A202-C327B65A1AA7} - System32\Tasks\RNUpgradeHelperLogonPrompt_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {6D8810D8-5E7F-404E-90A1-4A616D5F5D5E} - \SW-Booster-S-792098896 No Task File <==== ATTENTION
Task: {71C67F92-A235-4739-A234-195B35DFE85B} - System32\Tasks\ReclaimerUpdateFiles_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {75907A98-1205-4D18-8363-8536E8D3595E} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {946AF3A4-BE98-4D68-BA01-3769005DBFB3} - System32\Tasks\UpdaterEX => C:\Users\James\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A945435A-8093-4ED6-A583-812392762E35} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {B2ADD945-155F-4037-9048-E69EF81F00E2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3428301087-2658185985-2608877242-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B575A6E6-7947-4AB4-BA4A-7F16489A60A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D30F42A7-BE2B-458B-B482-552F8B215B96} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D657664E-4286-4D27-8DD2-66371908AA79} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3428301087-2658185985-2608877242-1000UA => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D8E10991-9F2D-4699-84F4-6D01F714E5F1} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-09-18] ()
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {ED73741F-4268-4D3F-8D36-D6875D7A8D11} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3428301087-2658185985-2608877242-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F8F4B668-DE16-4358-84D2-8A3B112D70D2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3428301087-2658185985-2608877242-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F900153C-F019-42B7-8B0B-866BD7F9716A} - System32\Tasks\RNUpgradeHelperResumePrompt_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-13] (RealNetworks, Inc.)
Task: {FA8709B3-3DA7-4CA6-8124-8F400FB6D1AF} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {FFA9D280-F55A-4263-B146-8A44DB35C963} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3428301087-2658185985-2608877242-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3428301087-2658185985-2608877242-1000Core.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3428301087-2658185985-2608877242-1000UA.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAdministrator.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_James.job => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_James.job => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_James.job => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\James\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-11-14 01:24 - 2012-12-07 18:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-15 14:03 - 2014-10-15 14:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2013-07-25 21:32 - 2012-05-18 23:52 - 00071680 ___SH () c:\windows\syswow64\argsvc.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: HTCMonitorService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: XAudioService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Online plug-in.lnk => C:\Windows\pss\Online plug-in.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^James^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: Amazon Music => "C:\Users\James\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BigDog305 => C:\Windows\VM305_STI.EXE USB PC Camera VC305
MSCONFIG\startupreg: BrowserPlugInHelper => "C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe"
MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DVDAgent => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google => C:\Users\James\AppData\Roaming\GD1.exe
MSCONFIG\startupreg: Google Update => "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KBD => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: PWRISOVM.EXE => "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchProtection => C:\ProgramData\Search Protection\_run.bat
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: TSMAgent => "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: UpdateP2GoShortCut => "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
MSCONFIG\startupreg: WSHelperSetup.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3428301087-2658185985-2608877242-500 - Administrator - Disabled)
Guest (S-1-5-21-3428301087-2658185985-2608877242-501 - Limited - Disabled)
James (S-1-5-21-3428301087-2658185985-2608877242-1000 - Administrator - Enabled) => C:\Users\James
Mcx1 (S-1-5-21-3428301087-2658185985-2608877242-1001 - Administrator - Enabled) => C:\Users\Mcx1
Mcx2 (S-1-5-21-3428301087-2658185985-2608877242-1002 - Administrator - Enabled) => C:\Users\Mcx2

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2014 07:57:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 06:31:48 PM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: %James-PC27 Real-Time Protection checkpoint has encountered an error and failed to start.

 User: James-PC\James

 Checkpoint ID: 27

 Error Code: 0x80070005

 Error description: Access is denied.

Error: (10/22/2014 06:30:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 08:37:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/22/2014 08:37:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/22/2014 08:37:12 AM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: %James-PC27 Real-Time Protection checkpoint has encountered an error and failed to start.

 User: James-PC\James

 Checkpoint ID: 27

 Error Code: 0x80070005

 Error description: Access is denied.

Error: (10/22/2014 08:37:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (10/22/2014 08:37:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (10/22/2014 08:36:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2014 06:07:04 PM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: %James-PC27 Real-Time Protection checkpoint has encountered an error and failed to start.

 User: James-PC\James

 Checkpoint ID: 27

 Error Code: 0x80070005

 Error description: Access is denied.

System errors:
=============
Error: (10/22/2014 07:59:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%3

Error: (10/22/2014 07:58:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/22/2014 07:57:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: qknfd
StarOpen

Error: (10/22/2014 07:57:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/22/2014 07:21:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E385F0A-0BA2-430C-96AA-4399C5E40F6C}

Error: (10/22/2014 06:32:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%3

Error: (10/22/2014 06:31:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/22/2014 06:31:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (10/22/2014 06:30:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: qknfd
StarOpen

Error: (10/22/2014 06:30:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-23 12:33:46.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-23 12:33:45.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-23 12:33:44.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-23 12:33:44.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-23 12:33:43.496
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-23 12:33:42.863
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-23 12:33:42.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-23 12:33:41.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 20:08:33.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-22 20:08:33.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5400+
Percentage of memory in use: 59%
Total physical RAM: 3838.31 MB
Available physical RAM: 1543.21 MB
Total Pagefile: 7891.15 MB
Available Pagefile: 5974.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:452.64 GB) (Free:194.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.11 GB) (Free:1.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: EB70BD06)
Partition 1: (Active) - (Size=452.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by gfr4567, 23 October 2014 - 11:37 AM.


#6 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 23 October 2014 - 11:58 AM

Hi James, 
 
There are several issues with this machine; including the presence of a backdoor and cracked software. Please read the following warning on the dangers of a backdoor.
 

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the Internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). 

Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

You have a choice between cleaning the infection(s) or reformatting your computer. Ultimately, the decision is personal, and up to you. Please let me know how you wish to proceed, and if you have any questions.

 

If you would like to proceed with cleaning, you must also consider the warning below. Unfortunately, I am unable to continue providing assistance unless all cracked software is removed. This includes Adobe Photoshop, and other cracked Adobe software. All must be removed. 
 

CRACKED SOFTWARE WARNING

------------------------------

One or more of the identified infections is a result of downloading cracked/pirated/keygen software. Participating in the use of such software is a security risk; your infected computer is evidence. Were you aware your machine has cracked software installed? We do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be reinfected otherwise. Simply visiting a cracked software site can result in infection from exploitation of vulnerabilities in software.

Continuing in this practice will ensure your computer is continuously susceptible to malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.

I am prepared to continue providing assistance as long as you agree to remove all traces of cracked software immediately.

 
If you would like to proceed with cleaning having considered the backdoor warning, AND have removed all traces of cracked software, please complete the two steps below. 
 
STEP 1
CKScanner

  • Please download CKScanner and save the file to your Desktop.
  • Right-Click CKScanner.exe and select Run as administrator to run the programme.
  • Click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Please run this programme only once.
  • A log (CKFiles.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Would you like to proceed with cleaning?
  • If you would, have all traces of cracked software been removed? 
  • CKFiles.txt
  • FRST.txt
  • Addition.txt


#7 gfr4567

gfr4567
  • Topic Starter

  • Members
  • 17 posts

Posted 23 October 2014 - 07:12 PM

Thank you very much Adam for taking a look at the posted results. This is obviously a very serious matter. With that said, I've disconnected my computer from the internet and am writing this message from my phone.

I've read the links you've posted for my review. I'm leaning towards reformatting and reinstalling. Thank you again for the help on this and I have a lot of work to do it seems.

Have a good day Adam and thanks again for the analyzation.

#8 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 24 October 2014 - 01:24 AM

No problem, and you're welcome. 

 

Now that you have decided to reformat, do you require assistance with doing this? 



#9 gfr4567

gfr4567
  • Topic Starter

  • Members
  • 17 posts

Posted 24 October 2014 - 08:35 AM

You're so helpful!

 

I've made the decision to reformat/reinstall, as it sounds as if that's the only completely safe method. Before proceeding, I need to make sure a few things are in line. And some of these things I do have questions about:

 

I need to first find my Windows Vista install disc. I'm assuming there is a disc (I've never reformatted and reinstalled like this).

 

I need to also obviously backup data that I would like to save. This is where I have a question - some documentation recommends that when backing up data prior to a reformat, you should simply backup your entire drive. Some recommend to only take the data you absolutely need.

Should I simply copy the documents, pictures, music and videos that are most important to me and leave the rest? Or, should I backup the entire disc using some sort of backup utility?

 

I really can't thank you enough Adam for the knowledge share and quick responses.



#10 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 24 October 2014 - 11:57 AM

Hi James, 
 

I need to first find my Windows Vista install disc. I'm assuming there is a disc (I've never reformatted and reinstalled like this).

You have a recovery partition on your computer. This can be used to restore to factory image, and does not require the use of an installation disc. 
 
What is the make and model of your computer? I can provide instructions on how you can use your recovery partition. 
 

This is where I have a question - some documentation recommends that when backing up data prior to a reformat, you should simply backup your entire drive.

You would be backing up the malware if you were to do this. 
 

Some recommend to only take the data you absolutely need.
Should I simply copy the documents, pictures, music and videos that are most important to me and leave the rest? Or, should I backup the entire disc using some sort of backup utility?

If you wish to backup your data, I suggest doing the following.
STEP 1 involves using a clean PC to protect your external drive against autorun infections, and STEP 2 discusses which files you should and should not backup. 
 
STEP 1
Panda USB Vaccine

  • Using a clean PC, please download Panda USB Vaccine and save the file to your Desktop.
  • Double-click USBVaccineSetup.exe to install the programme.
  • Read and accept the license agreement, then click Next.
  • Upon completion of the setup, ensure Launch Panda USB Vaccine is checked and click Finish.
  • Click the Vaccinate Computer button. It should now show a green checkmark and confirm Computer vaccinated
  • Hold down the Shift key on your keyboard and insert your USB drive.
  • When the name of the drive appears in the Panda USB Vaccine dialog box, click the Vaccinate USB drive(s) button.
  • Exit the programme when done.

-- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
 
 
STEP 2
Backup Data
The safest practice is not to backup any executable (.exe), screensaver (.scr), dynamic link library (.dll), autorun (.ini) or script (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. You should also avoid backing up compressed (.zip, .cab, .rar) files that have executables inside as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may disguise themselves by hiding a file extension or by adding double file extensions and/or space(s) in the file's name to hide the real extension, so be sure you look closely at the full file name.

  • Backing up documents, image, music and video is fine.
  • Specially crafted Word/Excel/PDF can be used for malicious intent, so I recommend only backing up documents you created, or know to come from a clean source. 
  • To repeat, do not backup up files with the following extensions:
.exe, .scr, .bat, .com, .cmd, .msi, .pif, .ini, .htm, .html, .hta, .php, .asp, .xml, .zip, .rar, .cab
  • Hold the shift key on your infected PC, and insert your USB drive. 
  • Copy the files you wish to backup onto your USB drive, and remove from your PC once done. 
     

I really can't thank you enough Adam for the knowledge share and quick responses.

You're more than welcome.


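The STEP 2 advice above, turned into a pre-copy check (an added example, not a tool from this thread or from BleepingComputer): it applies the post's extension list to each candidate file name, catches the double-extension and padded-space tricks the post warns about, and opens .zip archives to look for executables inside. The extension sets, the three-tier verdicts and the sample file names are constructed here for the demo; adjust them to your own backup list.

```python
import io
import os
import zipfile

# Extension advice transcribed from the post above (constructed sets).
BLOCKED = {".exe", ".scr", ".dll", ".bat", ".com", ".cmd", ".msi", ".pif",
           ".ini", ".htm", ".html", ".hta", ".php", ".asp", ".xml"}
# Fine only if you created the file yourself or know its source is clean.
REVIEW = {".vbs", ".doc", ".docx", ".xls", ".xlsx", ".pdf"}
# Archives may hide executables; .zip is opened, the others need manual review.
ARCHIVES = {".zip", ".rar", ".cab"}
RANK = {"allow": 0, "review": 1, "reject": 2}


def suffixes(name):
    """Every dotted suffix of the bare file name, lower-cased and stripped.
    'Holiday.jpg .EXE' -> ['.jpg', '.exe'], so a double extension and the
    padded-space trick the post warns about are both visible to the caller."""
    base = os.path.basename(name.replace("\\", "/")).strip()
    return ["." + p.strip().lower() for p in base.split(".")[1:] if p.strip()]


def classify_name(name):
    """Return (verdict, reason) for one file name without opening the file."""
    sfx = suffixes(name)
    if not sfx:
        return "review", "no extension: identify the file type by hand"
    hit = [s for s in sfx if s in BLOCKED]
    if hit:
        return "reject", f"blocked extension {hit[-1]} in {name!r}"
    last = sfx[-1]
    if last in ARCHIVES:
        return "review", f"archive {last}: inspect contents before copying"
    if last in REVIEW:
        return "review", f"{last}: back up only if you created it"
    return "allow", f"data file {last}"


def classify_zip(data):
    """Classify an in-memory .zip by its member names; the archive gets the
    worst verdict any member receives (a nested archive stays 'review')."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "review", "not a readable zip"
    verdict, reason = "allow", "all members are plain data files"
    for info in zf.infolist():
        if info.is_dir():
            continue
        v, r = classify_name(info.filename)
        if RANK[v] > RANK[verdict]:
            verdict, reason = v, r
    return verdict, reason


def classify(path, data=None):
    """Decide for one backup candidate; pass the bytes for .zip files so the
    members are checked too. A rejected name is never rescued by its contents."""
    verdict, reason = classify_name(path)
    if verdict == "review" and data is not None and suffixes(path)[-1:] == [".zip"]:
        return classify_zip(data)
    return verdict, reason


def build_zip(members):
    """Construct a small zip in memory (sample data for the demo below)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()


# Constructed sample: what a candidate list might look like on the infected PC.
CLEAN_ZIP = build_zip({"pics/beach.jpg": b"...", "pics/sunset.png": b"..."})
TAINTED_ZIP = build_zip({"pics/beach.jpg": b"...", "pics/beach.jpg.exe": b"MZ"})
CANDIDATES = [
    ("Documents\\report.docx", None),
    ("Pictures\\holiday.jpg", None),
    ("Pictures\\holiday.jpg .exe", None),   # padded double extension
    ("Music\\Setup.EXE", None),
    ("Pictures\\2013.zip", CLEAN_ZIP),
    ("Pictures\\2014.zip", TAINTED_ZIP),
    ("notes.txt", None),
]

if __name__ == "__main__":
    for path, data in CANDIDATES:
        verdict, reason = classify(path, data)
        print(f"{verdict.upper():7} {path:28} {reason}")
```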

#11 gfr4567

gfr4567
  • Topic Starter

  • Members
  • 17 posts

Posted 24 October 2014 - 12:16 PM

Thanks again Adam - I'm going to start steps 1 and 2 later tonight when I have time to dedicate.

 

For Step 2, three questions:

 

- To backup individual files, this is simply copying them from the PC to the flash drive, correct?

- Are .txt and .vbs unadvisable to backup as well?

- Are .rar and .zip files that I've created personally alright to backup? (I have .rar and .zip files that contain all picture and music files)



#12 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 24 October 2014 - 01:19 PM

Hi James, 
 

To backup individual files, this is simply copying them from the PC to the flash drive, correct?

Yes, that is correct. 
 

- Are .txt and .vbs unadvisable to backup as well?
- Are .rar and .zip files that I've created personally alright to backup? (I have .rar and .zip files that contain all picture and music files)

No problem backing up .txt files and .vbs files you've created yourself. Same goes for .rar and .zip as long as you are certain the contents are clean. 
I would double-check first.

 

--------

 

Let me know how you get on. 

I also need to know the make/model of your machine.



#13 gfr4567

gfr4567
  • Topic Starter

  • Members
  • 17 posts

Posted 24 October 2014 - 01:30 PM

My apologies for not clarifying the make/model of my machine yet. I'll update all of this data when I get home today and confirm what I have.

 

Thanks



#14 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 24 October 2014 - 02:25 PM

No problem. 

I'll look out for your response.



#15 gfr4567

gfr4567
  • Topic Starter

  • Members
  • 17 posts

Posted 24 October 2014 - 04:23 PM

Hi Adam:

I access the internet on the infected PC through hardwire.

Make: HP
Model: s3707c

I'm starting my data backup now!



