
Win Explorer using way too much memory. Can't install/run AV


  • This topic is locked
9 replies to this topic

#1 Twol84

Twol84

  • Members
  • 4 posts

Posted 10 February 2015 - 12:40 PM

Hello. Was hoping to get some help. I've tried to run the Farbar scan but on a recently downloaded version it tells me that the program isn't a win32 application. On an older file I have installed, it searches for updates and closes itself. My explorer tends to go into 2-4 GB of memory used, my browsers aren't very responsive, and the occasional file I download is usually corrupted.

 

I've tried to download some malware/rootkit programs, but I have trouble installing or running them. I get the win32 error / an incompatible version error / something along those lines. Hoping to get some help. Thanks!





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts

Posted 14 February 2015 - 10:32 PM

Greetings Twol84 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the reply-to-topic button instead.
  • In the upper right hand corner of the topic you will see the follow-topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Can you tell me if you have tried to run FRST while in Safe Mode?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Twol84

Twol84
  • Topic Starter

  • Members
  • 4 posts

Posted 16 February 2015 - 06:13 PM

Hello Gary. I managed to get a scan using Farbar a few days back. Here it is.
 
 
 
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Realtek) C:\Program Files (x86)\ZyXEL\NWD2205\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Valve Corporation) D:\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(KMP Media co.,Ltd) C:\Program Files (x86)\The KMPlayer\KMPlayer.exe
() C:\Users\user\Desktop\RogueKiller.exe
(Pandora.TV) D:\The KMPlayer\KMPlayer.exe
(Farbar) C:\Users\user\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] ()
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-06-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-16] (AVAST Software)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\...\Run: [Steam] => D:\Steam\steam.exe [1942720 2015-01-24] (Valve Corporation)
HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\...\MountPoints2: {35b7693e-9275-11e0-84c3-806e6f6e6963} - "F:\Diablo III Setup.exe"
HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\...\MountPoints2: {6617739f-c0bc-11e3-9ebc-00268312b5c1} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\VoiceClient.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless N USB Utility.lnk
ShortcutTarget: Wireless N USB Utility.lnk -> C:\Program Files (x86)\ZyXEL\NWD2205\NWD2205.exe (ZyXEL)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\IDM\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000 -> {1997AC4F-CCE5-4c56-A255-94ADCF110285} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000 -> {3FA98D57-6C08-4344-97AF-B249F3E2E4DA} URL = http://sg.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKU\S-1-5-21-1219760732-2527639025-2652654918-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} ->  No File
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll ()
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9j9rlrzp.default
FF NewTab:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.652 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1219760732-2527639025-2652654918-1000: @acestream.net/acestreamplugin,version=2.1.7 -> C:\Users\user\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Panda Security Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9j9rlrzp.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2015-01-18]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9j9rlrzp.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-09-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-01-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-06-12]
FF HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-31&gen=cnet&ent=hp&u=44E299B3D8849CA922AFDD5402C86C70
CHR StartupUrls: Default -> "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-31&gen=cnet&ent=hp&u=44E299B3D8849CA922AFDD5402C86C70", "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> securesearch
CHR DefaultSearchURL: Default -> http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-31&gen=cnet&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-07]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-07]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-16]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-07-07]
CHR Extension: (NoPremium.pl) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkakeeljjehllbdjjamgabdjpmdogc [2014-01-25]
CHR Extension: (Gargatron, the FPL stats machine) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpbaoamnogjcokjojimpmbdkdgobdhoe [2014-05-11]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-13]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-06-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-02] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-15] (SurfRight B.V.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-14] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [296760 2014-09-19] (Panda Security)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 Realtek11nCU; C:\Program Files (x86)\ZyXEL\NWD2205\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; D:\EEK\BIN\a2ddax64.sys [26176 2015-01-22] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-02] ()
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-22] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-13] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\F717.tmp [6144 2011-05-12] (Sophos Plc) [File not signed]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-17] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
S3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-20] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-14] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-14] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-14] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-13] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 WinRing0_1_2_0; D:\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 getbus; \??\C:\Users\user\AppData\Local\Temp\getbus.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S1 SABKUTIL; \??\C:\Users\user\Downloads\SABKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 23:20 - 2015-02-13 23:20 - 02134016 _____ (Farbar) C:\Users\user\Downloads\FRST64(1).exe
2015-02-13 22:52 - 2015-02-13 22:53 - 15431256 _____ () C:\Users\user\Desktop\RogueKiller.exe
2015-02-13 22:22 - 2015-02-13 22:22 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-13 00:31 - 2015-02-13 00:40 - 181991142 _____ () C:\Users\user\Downloads\South.Park.S11E13.PROPER.DVDRip.XviD-FoV.avi
2015-02-13 00:21 - 2015-02-13 00:21 - 00188692 _____ () C:\Users\user\Downloads\ESETPoweliksCleaner(1).exe
2015-02-13 00:21 - 2015-02-13 00:21 - 00154354 _____ () C:\Users\user\Downloads\ESETPoweliksCleaner.exe_20150213.002126.9096.log
2015-02-13 00:20 - 2015-02-13 00:20 - 00190152 _____ (ESET) C:\Users\user\Downloads\ESETPoweliksCleaner.exe
2015-02-13 00:15 - 2015-02-13 00:16 - 25414781 _____ () C:\Users\user\Downloads\cce_2.5.242177.201_x64.zip
2015-02-13 00:07 - 2014-03-25 21:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-02-12 23:29 - 2015-02-12 23:29 - 21076086 _____ () C:\Users\user\Desktop\SUPERAntiSpyware (1).exe
2015-02-12 23:21 - 2015-02-12 23:21 - 00804985 _____ () C:\Users\user\Downloads\RegpairSetup.exe
2015-02-12 23:21 - 2015-02-12 23:21 - 00001035 _____ () C:\Users\user\Desktop\Free Window Registry Repair.lnk
2015-02-12 23:21 - 2015-02-12 23:21 - 00001035 _____ () C:\Users\UpdatusUser\Desktop\Free Window Registry Repair.lnk
2015-02-12 23:21 - 2015-02-12 23:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2015-02-12 23:21 - 2015-02-12 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2015-02-12 23:21 - 2015-02-12 23:21 - 00000000 ____D () C:\Program Files (x86)\Free Window Registry Repair
2015-02-12 23:18 - 2015-02-12 23:22 - 03880096 _____ (solvusoft Corporation ) C:\Users\user\Downloads\Setup_WinThruster_2015 (1).exe
2015-02-12 23:16 - 2015-02-12 23:25 - 03890316 _____ (solvusoft Corporation ) C:\Users\user\Downloads\Setup_WinThruster_2015.exe
2015-02-12 23:16 - 2015-02-12 23:16 - 02112512 _____ () C:\Users\user\Downloads\adwcleaner_4.110.exe
2015-02-12 22:46 - 2015-02-10 22:24 - 05322888 _____ (Piriform Ltd) C:\Users\user\Desktop\ccsetup502pro.exe
2015-02-12 22:45 - 2015-02-10 22:01 - 21011984 _____ (SUPERAntiSpyware) C:\Users\user\Desktop\SUPERAntiSpyware.exe
2015-02-12 22:39 - 2015-02-12 22:39 - 00000000 ____D () C:\Windows\pss
2015-02-12 07:54 - 2015-02-12 07:54 - 00000632 _____ () C:\Users\user\Desktop\JRT.txt
2015-02-12 07:18 - 2015-02-12 07:18 - 01382434 _____ (Thisisu) C:\Users\user\Desktop\JRT(2).exe
2015-02-12 06:17 - 2015-01-13 11:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 06:17 - 2015-01-13 10:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 06:13 - 2014-11-26 11:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 06:13 - 2014-11-26 11:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 06:09 - 2014-12-08 11:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 06:09 - 2014-12-08 10:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 00:46 - 2015-02-12 00:46 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\user\Desktop\rkill64.scr
2015-02-12 00:45 - 2015-02-10 22:46 - 05171136 _____ () C:\Users\user\Desktop\aswMBR.exe
2015-02-10 22:37 - 2015-02-10 22:32 - 05186064 _____ (AVAST Software) C:\Users\user\Desktop\muighiy.exe
2015-02-10 22:22 - 2015-02-10 22:24 - 05322888 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup502pro.exe
2015-02-10 22:20 - 2015-02-10 22:13 - 01987800 _____ () C:\acv123.exe
2015-02-10 22:13 - 2015-02-10 22:13 - 01987800 _____ () C:\Users\user\Downloads\MGtools.exe
2015-02-10 22:13 - 2015-02-10 22:13 - 01987800 _____ () C:\MGtools.exe
2015-02-10 21:59 - 2015-02-10 22:01 - 21011984 _____ (SUPERAntiSpyware) C:\Users\user\Downloads\SUPERAntiSpyware.exe
2015-02-10 21:55 - 2015-02-10 21:55 - 00002849 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2015-02-10 21:55 - 2015-02-10 21:55 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up
2015-02-10 21:54 - 2015-02-10 21:56 - 00000000 ____D () C:\Program Files (x86)\MSECACHE
2015-02-10 21:54 - 2015-02-10 21:54 - 00359656 _____ (Microsoft Corporation) C:\Users\user\Downloads\msicuu2.exe
2015-02-10 21:34 - 2015-02-10 21:34 - 00380416 _____ () C:\Users\user\Downloads\wowh9vn5.exe
2015-02-10 21:31 - 2015-02-10 21:31 - 00215528 _____ () C:\Users\user\Downloads\abc1234.exe
2015-02-10 21:30 - 2015-02-10 21:38 - 04194096 _____ () C:\Users\user\Downloads\sadqwdqw.exe
2015-02-10 21:21 - 2015-02-10 21:21 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\user\Desktop\rkill.scr
2015-02-10 08:51 - 2015-02-10 08:52 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-10 08:51 - 2015-02-10 08:51 - 00002247 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-02-10 08:51 - 2015-02-10 08:51 - 00002241 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-02-10 08:51 - 2015-02-10 08:51 - 00000000 ____D () C:\Users\user\AppData\Local\WinZip
2015-02-10 08:51 - 2015-02-10 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-10 08:50 - 2015-02-10 08:51 - 00000000 ____D () C:\Program Files\WinZip
2015-02-10 08:50 - 2015-02-10 08:50 - 00003816 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1423529417
2015-02-10 08:50 - 2015-02-10 08:50 - 00001139 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-02-10 08:50 - 2015-02-10 08:50 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-10 08:50 - 2015-02-10 08:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera Software
2015-02-10 08:50 - 2015-02-10 08:50 - 00000000 ____D () C:\Users\user\AppData\Local\Opera Software
2015-02-10 08:49 - 2015-02-10 21:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-10 08:49 - 2015-02-10 08:49 - 00000000 ____D () C:\Program Files\File Association Helper
2015-02-10 08:48 - 2015-02-10 08:48 - 00881984 _____ ( ) C:\Users\user\Downloads\winzip19-dl.exe
2015-02-10 08:46 - 2015-02-10 08:46 - 05604630 _____ (Swearware) C:\Users\user\Desktop\ComboFix(1).exe
2015-02-10 08:24 - 2015-02-11 01:32 - 00000000 ____D () C:\Users\user\Downloads\FRST-OlderVersion
2015-02-10 01:38 - 2014-12-12 13:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 01:38 - 2014-12-12 13:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 01:38 - 2014-12-12 13:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 01:38 - 2014-12-12 13:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 01:38 - 2014-12-12 13:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 01:38 - 2014-12-12 13:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 01:38 - 2014-12-12 13:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-09 22:19 - 2015-02-09 22:19 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-09 22:19 - 2015-02-09 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 22:19 - 2015-02-09 22:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 22:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 21:24 - 2015-02-09 21:25 - 00000000 ____D () C:\EEK
2015-02-05 05:05 - 2015-02-05 05:05 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 05:05 - 2015-02-05 05:05 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 05:05 - 2015-02-05 05:05 - 00000000 ____D () C:\Program Files (x86)\GUM7FBF.tmp
2015-02-02 08:47 - 2015-02-13 22:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 08:47 - 2015-02-12 07:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-02 08:47 - 2015-02-12 00:46 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 08:46 - 2015-02-12 07:34 - 00000000 ____D () C:\Users\user\Desktop\mbar
2015-02-02 08:44 - 2015-02-02 08:44 - 16466552 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.08.3.1004.exe
2015-02-02 08:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 00:50 - 2015-02-02 00:50 - 05598268 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2015-02-02 00:31 - 2015-02-02 00:31 - 00368240 _____ (RegNow.com) C:\Users\user\Downloads\Download_SpyHunter-Installer.exe
2015-02-02 00:12 - 2015-02-02 00:13 - 01706479 _____ (Thisisu) C:\Users\user\Downloads\JRT(1).exe
2015-02-02 00:10 - 2015-02-02 00:11 - 00056547 _____ () C:\Users\user\Downloads\Addition.txt
2015-02-02 00:09 - 2015-02-13 23:20 - 00032759 _____ () C:\Users\user\Downloads\FRST.txt
2015-02-02 00:08 - 2015-02-13 23:20 - 00000000 ____D () C:\FRST
2015-02-02 00:08 - 2015-02-10 08:24 - 02127152 _____ () C:\Users\user\Downloads\FRST64.exe
2015-02-01 23:58 - 2015-02-01 23:59 - 11934216 _____ () C:\Users\user\Downloads\AppRemover.exe
2015-02-01 23:55 - 2015-02-02 00:03 - 20429552 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.4.1028(2).exe
2015-02-01 23:55 - 2015-02-01 23:55 - 00299008 _____ () C:\Users\user\Downloads\RUNSAS.EXE
2015-02-01 23:46 - 2015-02-13 23:22 - 00002048 _____ () C:\Uninstall.dat
2015-02-01 23:45 - 2015-02-01 23:46 - 21186076 _____ (SUPERAntiSpyware) C:\Users\user\Desktop\SAS123.exe
2015-01-27 09:20 - 2015-01-27 09:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 17:25 - 2015-01-24 17:25 - 00003336 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1219760732-2527639025-2652654918-1000
2015-01-24 17:25 - 2015-01-24 17:25 - 00003200 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1219760732-2527639025-2652654918-1000
2015-01-22 23:44 - 2015-02-09 21:25 - 00000743 _____ () C:\Users\user\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-22 23:42 - 2015-01-22 23:43 - 167721360 _____ () C:\Users\user\Downloads\EmsisoftEmergencyKit.exe
2015-01-22 23:30 - 2015-01-22 23:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\abc123.exe
2015-01-22 23:27 - 2015-01-22 23:27 - 20383076 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-22 23:26 - 2015-02-01 13:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-22 23:24 - 2015-01-22 23:24 - 00061440 _____ () C:\Users\user\Downloads\Hitman Trial Rest.exe
2015-01-22 23:16 - 2015-01-22 23:18 - 04170597 _____ () C:\Users\user\Downloads\tdsskiller.zip
2015-01-21 04:03 - 2014-12-19 09:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-18 19:09 - 2015-02-13 22:19 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-01-18 19:09 - 2015-01-18 19:09 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2015-01-18 19:07 - 2015-01-18 19:08 - 00000000 ____D () C:\Program Files (x86)\pandasecuritytb
2015-01-18 19:07 - 2015-01-18 19:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Panda Security
2015-01-18 19:06 - 2015-01-18 19:07 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-18 19:06 - 2015-01-18 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2015
2015-01-18 19:03 - 2015-01-18 19:07 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-18 19:03 - 2015-01-18 19:03 - 01630952 _____ () C:\Users\user\Downloads\PANDAFREEAV.exe
2015-01-14 05:30 - 2014-12-19 11:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 05:30 - 2014-12-12 01:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 05:30 - 2014-12-06 12:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 05:30 - 2014-12-06 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 05:30 - 2014-12-06 11:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 23:22 - 2014-04-12 10:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2015-02-13 23:10 - 2012-07-07 04:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 23:03 - 2012-08-05 21:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-13 22:54 - 2014-09-13 18:51 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-13 22:46 - 2011-06-09 16:58 - 01468468 _____ () C:\Windows\WindowsUpdate.log
2015-02-13 22:29 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 22:29 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-13 22:27 - 2014-03-06 01:22 - 00001013 _____ () C:\Users\user\Desktop\Dropbox.lnk
2015-02-13 22:27 - 2014-03-06 01:22 - 00000000 ___RD () C:\Users\user\Dropbox
2015-02-13 22:27 - 2014-03-06 01:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 22:27 - 2014-03-06 01:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2015-02-13 22:22 - 2014-08-31 15:04 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-02-13 22:22 - 2011-06-09 17:12 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-02-13 22:21 - 2012-07-07 04:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 22:20 - 2014-10-22 15:42 - 00001736 _____ () C:\Windows\setupact.log
2015-02-13 22:20 - 2014-03-06 23:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-13 22:20 - 2012-08-05 22:02 - 00000256 _____ () C:\Windows\Tasks\RtlVistaStart.job
2015-02-13 22:20 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 22:17 - 2011-06-26 17:58 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-02-13 03:03 - 2011-08-10 13:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 00:04 - 2014-09-13 19:16 - 00000000 ____D () C:\AdwCleaner
2015-02-12 22:50 - 2014-09-13 18:18 - 00004790 _____ () C:\Users\user\Desktop\Rkill.txt
2015-02-10 23:38 - 2009-07-14 13:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-10 03:18 - 2011-06-12 16:37 - 00554724 _____ () C:\Windows\PFRO.log
2015-02-09 22:19 - 2011-12-25 00:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes
2015-02-09 22:19 - 2011-12-25 00:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-07 09:04 - 2012-08-05 21:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 09:04 - 2012-08-05 21:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-07 09:04 - 2011-06-12 16:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 08:32 - 2012-07-07 04:05 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-31 19:23 - 2012-11-05 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 03:19 - 2009-07-14 12:45 - 00350896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-18 19:07 - 2011-06-09 17:36 - 00068800 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 03:00 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2012-07-06 09:53 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-06-12 17:46 - 2011-12-25 08:16 - 0000153 _____ () C:\Users\user\AppData\Roaming\default.rss
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\user\AppData\Local\setup.txt

Files to move or delete:
====================
C:\Users\user\ALZip812.exe
C:\Users\user\Firefox Setup 4.0.1.exe
C:\Users\user\install_flash_player.exe


Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpjusk.dll
C:\Users\user\AppData\Local\Temp\HitmanPro.exe
C:\Users\user\AppData\Local\Temp\KMP_3.2.0.0.exe
C:\Users\user\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\user\AppData\Local\Temp\ose00000.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\_is9368.exe
C:\Users\user\AppData\Local\Temp\{8035CFEF-ED87-403D-B2B3-1B3AC4F63F4E}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 01:00

==================== End Of Log ============================

Edited by Oh My!, 16 February 2015 - 06:21 PM.


#4 Oh My!


Posted 16 February 2015 - 06:41 PM

Do you have an Addition.txt file on your desktop? If so, please copy and paste the information but don't put it in a code box.
Gary
 

#5 Twol84


Posted 18 February 2015 - 10:07 AM

Hello, posted here :)

 

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Antivirus Pro 2015 (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Panda Antivirus Pro 2015 (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Panda Firewall (Enabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

77zip (HKLM-x32\...\77zip) (Version:  - )
7Go Games (HKLM-x32\...\7Go Games) (Version: 1.0.0.0 - 7go.com)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ace Stream Media 2.1.7 (HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\...\AceStream) (Version: 2.1.7 - Ace Stream Media)
Ad-Aware Antivirus (HKLM\...\{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft)
AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
ALTools Update (HKLM-x32\...\ALUpdate_is1) (Version: v11.4 - ESTsoft Corp.)
ALZip 8.51 (HKLM-x32\...\ALZip_is1) (Version: v8.51 - ESTsoft Corp.)
AMD Catalyst Install Manager (HKLM\...\{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.51118 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.800.0 - ATI Technologies) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ComicRack v0.9.142 (HKLM\...\ComicRack) (Version: v0.9.142 - cYo Soft)
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DAEMON Tools Lite Free Download Packages (HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\...\DAEMON Tools Lite Free Download Packages) (Version:  - ) <==== ATTENTION
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.4.11327 - Blizzard Entertainment)
Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support)
Dropbox (HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FlashGet 3.3 (HKLM-x32\...\FlashGet 3.3) (Version: 3.3.0.1092 - http://www.FlashGet.com)
Football Manager 2013 (HKLM-x32\...\Steam App 207890) (Version:  - Sports Interactive)
Football Manager 2014 (HKLM-x32\...\Football Manager 2014_is1) (Version: Football Manager 2014 - )
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
GetFLV 9.5.7.9 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Magic Workstation 0.94f (HKLM-x32\...\Magic Workstation_is1) (Version:  - Magic Technology)
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
marvell 91xx console driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiPony 2.0.4 (HKLM-x32\...\MiPony) (Version: 2.0.4 - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTG GamePack for Magic Workstation (HKLM-x32\...\MTG GamePack for Magic Workstation_is1) (Version:  - Magic Technology)
Nero 9 Essentials (HKLM-x32\...\{918d472b-e9ba-4fff-b25b-059887a93afa}) (Version:  - Nero AG)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Panda Antivirus Pro 2015 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Antivirus Pro 2015 (Version: 7.23.00.0000 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security)
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION
PSTViewer Pro (HKLM-x32\...\{4F85459F-8086-41F5-9EAB-42E121609096}) (Version: 4.5.1.1433 - Encryptomatic, LLC)
Raptor (HKLM-x32\...\Raptor) (Version: 3.0 - DotEmu)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Toolbox for RAR 1.1 (HKLM-x32\...\Recovery Toolbox for RAR_is1) (Version:  - Recovery Toolbox, Inc.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - EA - Maxis)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SopCast 3.2.4 (HKLM-x32\...\SopCast) (Version: 3.2.4 - SopCast.com)
Sophos Anti-Rootkit 1.5.20 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.20 - Sophos Plc)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.4.0.59 - KMP Media co., Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtua Tennis 4 (HKLM-x32\...\Steam App 71390) (Version:  - SEGA)
Watson (HKLM-x32\...\{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}) (Version: 1.0.0 - Windows Live Safety Center)
WBFS to ISO (HKLM-x32\...\{55F0E086-2E1C-4478-B52E-DA6025A46434}_is1) (Version:  - wbfstoiso.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wireless N USB Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0154 - ZyXEL)
X-Men™ Legends 2 (HKLM-x32\...\InstallShield_{C8A122DE-ACB5-47BB-8661-369D8E46BF92}) (Version: 1.00.0000 - Activision)
X-Men™ Legends 2 (x32 Version: 1.00.0000 - Activision) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

01-02-2015 19:46:28 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2012-07-11 08:08 - 00000575 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {055E362C-60B9-4934-AF20-414EA96177B8} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2013-11-14] (PC Drivers Headquarters)
Task: {0D167421-0806-4ADF-9E18-C34D60CA03C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {10188DAD-9D09-409B-AA84-B04A0E0D3B51} - \{3E9C3AB0-7E1B-453B-ACF1-9E7D3A9C3CF2} No Task File <==== ATTENTION
Task: {11633187-7D12-425D-B522-FCAFDD803EBF} - \{8135A372-F66F-40F8-A7E5-3BB6DA7C925B} No Task File <==== ATTENTION
Task: {11EE3DA1-8590-4504-BF10-912BE497B1BA} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {40A53FBB-E061-479B-B9D4-E44FFC289454} - \{424F5814-DB60-4CF3-9B51-7B62BA19FCD1} No Task File <==== ATTENTION
Task: {57AE3146-6C31-4A34-97AF-86D90AB5E66D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5F0EAE2B-C3ED-4313-8D09-6EEEAF9F6960} - \ASP No Task File <==== ATTENTION
Task: {6B75E7BF-24C0-4899-A150-237778C061F4} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2013-11-14] (PC Drivers Headquarters)
Task: {7D4D9338-16A1-4CA1-9C00-28A5EAC333BC} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2013-11-14] (PC Drivers Headquarters)
Task: {903A9A2E-5947-4308-95DC-3C6E6B4CE070} - \{B207D4F2-F8AB-4112-BFDA-6D3748233D92} No Task File <==== ATTENTION
Task: {9BB0557B-081A-4990-A97E-3E24A0540BE7} - \{2A9E52BA-4EEB-4FF1-8609-18FBC77DB26B} No Task File <==== ATTENTION
Task: {A533E0E9-6182-456C-B4A8-646D7798D87B} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {AF6A7ABE-8276-4777-A242-2B3314438802} - \{4048651B-4234-482C-9424-4FFB477EADBF} No Task File <==== ATTENTION
Task: {B70049EE-5F46-4822-A7BC-131884F0206D} - \{6DA4BBB2-B2DB-454B-8A67-822B5C8A8E05} No Task File <==== ATTENTION
Task: {BC4A5891-7BFE-4D41-B567-88A83F1FFCF0} - \{377EC171-074D-4970-BFE6-23C0F04A5744} No Task File <==== ATTENTION
Task: {C348D376-53D3-48A3-8425-EE56CF6B9671} - \RtlVistaStart No Task File <==== ATTENTION
Task: {CD6638B0-8C90-4E13-B3B3-7D95B728972F} - \{02F39F95-B57F-4DE9-9953-8D964CC84046} No Task File <==== ATTENTION
Task: {CE7C0DC7-C7DA-4D6A-A8FA-122AE860E9CE} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {E2F612BA-4D54-44CB-87D3-C9572AE119A7} - \{C2EEBF4A-1AB0-4045-8A5E-F998FC799076} No Task File <==== ATTENTION
Task: {E4DB1B16-822F-49ED-BE0F-948F77522196} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1219760732-2527639025-2652654918-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {E7F11ABC-0021-41AD-8A3C-B6F931F06A3C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1219760732-2527639025-2652654918-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {F20E5437-B338-434B-AF7B-E4CA7E6E5082} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F5BE4AF9-33DD-4D85-B834-2854DE65DC2B} - \{957D044B-D697-4596-B231-F9058E290BEB} No Task File <==== ATTENTION
Task: {FB262640-40A9-44A6-AB68-18D357283628} - \{304FB880-94AA-4B60-86FB-819354E8582B} No Task File <==== ATTENTION
Task: {FEC23AC2-BDAD-46B1-98FA-252A4A591564} - \ESTsoft RunAsStdUser 909735Task No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlVistaStart.job => C:\Program Files (x86)\ZyXEL\NWD2205\NWD2205.exe

==================== Loaded Modules (whitelisted) =============

2014-03-06 23:58 - 2013-10-23 16:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-27 12:32 - 2014-08-27 12:32 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
2014-08-27 12:53 - 2014-08-27 12:53 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 11947856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 02167640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00943960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01105224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00247624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00988504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01277248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00975192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01109336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00891720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00843088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 03090768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02624848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01238848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00928072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 08886592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
2014-08-27 12:53 - 2014-08-27 12:53 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_locale-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02101568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\HtmlFramework.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\DllStorage.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00832848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTrayDefaultSkin.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\Localization.dll
2014-10-17 03:30 - 2014-10-17 03:30 - 00208384 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\XPBurnComponent\2fe2ecc4b0316a6b55afe3f1fce92a42\XPBurnComponent.ni.dll
2013-01-25 12:18 - 2013-11-14 21:19 - 00412064 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 02745168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll
2014-10-02 21:18 - 2014-10-02 21:18 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-02-01 19:15 - 2015-02-01 19:15 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020100\algo.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-13 01:23 - 2013-04-13 01:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2013-01-04 12:10 - 2012-10-22 11:15 - 01277952 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll
2013-01-04 12:10 - 2012-07-09 17:57 - 02090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll
2013-01-04 12:10 - 2011-12-06 16:19 - 00133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll
2013-01-04 12:10 - 2012-03-23 10:07 - 00224768 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\libupnp.dll
2014-08-31 14:33 - 2014-12-02 05:31 - 02396672 _____ () D:\Steam\libavcodec-56.dll
2014-08-31 14:33 - 2014-12-02 05:31 - 00442880 _____ () D:\Steam\libavutil-54.dll
2014-08-31 14:33 - 2014-12-02 05:31 - 00479744 _____ () D:\Steam\libavformat-56.dll
2014-08-31 14:33 - 2014-12-02 05:31 - 00332800 _____ () D:\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-11-12 02:47 - 00774656 _____ () D:\Steam\SDL2.dll
2015-01-22 03:21 - 2014-12-02 08:29 - 05002752 _____ () D:\Steam\v8.dll
2015-01-22 03:21 - 2014-12-02 08:29 - 01612800 _____ () D:\Steam\icui18n.dll
2015-01-22 03:21 - 2014-12-02 08:29 - 01210368 _____ () D:\Steam\icuuc.dll
2014-05-27 23:11 - 2015-01-24 06:34 - 02227904 _____ () D:\Steam\video.dll
2014-08-31 14:33 - 2014-12-02 05:31 - 00485888 _____ () D:\Steam\libswscale-3.dll
2013-01-19 13:14 - 2015-01-24 06:33 - 00696512 _____ () D:\Steam\bin\chromehtml.DLL
2014-10-02 21:18 - 2014-10-02 21:18 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-01-19 13:14 - 2015-01-16 07:42 - 34641288 _____ () D:\Steam\bin\libcef.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00750080 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-01 15:07 - 2015-02-01 15:07 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj2twbc.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00047616 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00863744 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00200704 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-27 09:20 - 2015-01-27 09:20 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-25 12:03 - 2015-01-25 12:03 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2015-01-27 23:56 - 2015-01-25 14:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 23:56 - 2015-01-25 14:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 23:56 - 2015-01-25 14:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-27 23:56 - 2015-01-25 14:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\user\Documents\20140917_095646.mp4:com.dropbox.attributes
AlternateDataStreams: C:\Users\user\Documents\Actor Promos.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\Actor Promos.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\Actor Promos1.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\Actor Promos1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\arena.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\arena.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\basics.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\basics.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\blue lands.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\blue lands.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\bsm.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\bsm.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\Cake order form.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\Cake order form.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\cake order form2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\cake order form2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\drits.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\drits.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\drits1.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\drits1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\drits2.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\drits2.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\folk.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\folk.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\gurus.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\gurus.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\HT.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\HT.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\Image (42).jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\Image (42).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\is.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\is.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\isl.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\isl.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\jace1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\jace1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\jace2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\jace2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\jf1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\jf1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\jf2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\jf2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\jpcradles.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\jpcradles.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\jpcradles2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\jpcradles2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\Jud Lands.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\Jud Lands.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\Jud Lands.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\Jud Lands.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\Jud Lands1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\Jud Lands1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\Jud(1).jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\Jud(1).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\Jud(2).jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\Jud(2).jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\jud1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\jud1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\lb.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\lb.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\loi.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\loi.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\md1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\md1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\md2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\md2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\miscut basics.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\miscut basics.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\ms1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\ms1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\ms1b.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\ms1b.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\ms2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\ms2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\naughtynice.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\naughtynice.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\nh.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\nh.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\nn.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\nn.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\oisland.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\oisland.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\pestilence.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\pestilence.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\pestilence.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\pestilence.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\plains.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\plains.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\Scan Data from FX-7DD71B.mht.eml:OECustomProperty
AlternateDataStreams: C:\Users\user\Documents\scm.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\scm.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\sdrit.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\sdrit.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\sponge.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\sponge.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\spontaneous.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\spontaneous.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\sswamp.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\sswamp.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\test printing swamp.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\test printing swamp.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\textless basics.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\textless basics.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\TP.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\TP.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\tpback.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\tpback.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\ts.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\ts.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\usea1.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\usea1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\vault.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\vault.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\whb.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\whb.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\whf.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\whf.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\wild growth.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\wild growth.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\user\Documents\wurm.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\user\Documents\wurm.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

========================= Accounts: ==========================

Administrator (S-1-5-21-1219760732-2527639025-2652654918-500 - Administrator - Disabled)
Guest (S-1-5-21-1219760732-2527639025-2652654918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1219760732-2527639025-2652654918-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1219760732-2527639025-2652654918-1003 - Limited - Enabled) => C:\Users\UpdatusUser
user (S-1-5-21-1219760732-2527639025-2652654918-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 00:10:35 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/02/2015 00:09:11 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/02/2015 00:08:38 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/02/2015 00:08:37 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/02/2015 00:03:41 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/01/2015 11:59:08 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/01/2015 11:59:08 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/01/2015 11:59:05 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/01/2015 11:59:04 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/01/2015 11:59:02 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============
Error: (02/01/2015 11:56:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SABKUTIL service failed to start due to the following error:
%%2

Error: (02/01/2015 03:05:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (02/01/2015 03:02:28 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (02/01/2015 01:58:11 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (02/01/2015 01:54:36 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (02/01/2015 01:24:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (02/01/2015 01:22:20 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/01/2015 01:21:44 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (01/31/2015 07:24:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/31/2015 07:21:52 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.


Microsoft Office Sessions:
=========================
Error: (01/12/2012 04:22:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 873264 seconds with 300 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 19:46:53.703
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-01 19:46:52.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\user\AppData\Local\Temp\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

  Date: 2012-03-03 17:31:12.139
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\F717.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-03 17:31:12.107
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\F717.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-03 17:26:02.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\F717.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-03 17:26:02.272
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\F717.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-03 17:26:02.228
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\F717.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-03 17:26:02.197
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\F717.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-03 17:26:01.955
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\F717.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-03 17:26:01.923
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\F717.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 57%
Total physical RAM: 8168.95 MB
Available physical RAM: 3468.38 MB
Total Pagefile: 14118.12 MB
Available Pagefile: 5208.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:5.59 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:4.09 GB) NTFS
Drive e: () (Fixed) (Total:638.54 GB) (Free:5.82 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:1862.98 GB) (Free:498.2 GB) NTFS
Drive h: (Favian's Hard Disk) (Fixed) (Total:1862.98 GB) (Free:1.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4FC86768)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4FC86716)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 Oh My!


Posted 18 February 2015 - 11:32 AM

Greetings,

You have already run a large number of tools. Was that to address this current issue or were you having other problems?

Please consider and do this.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Panda Antivirus Pro 2015
Ad-Aware Antivirus
avast! Antivirus


===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

DAEMON Tools Lite Free Download Packages

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
URLSearchHook: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1219760732-2527639025-2652654918-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} ->  No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
S3 getbus; \??\C:\Users\user\AppData\Local\Temp\getbus.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S1 SABKUTIL; \??\C:\Users\user\Downloads\SABKUTIL.sys [X]
C:\Users\user\ALZip812.exe
C:\Users\user\Firefox Setup 4.0.1.exe
C:\Users\user\install_flash_player.exe
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpjusk.dll
C:\Users\user\AppData\Local\Temp\HitmanPro.exe
C:\Users\user\AppData\Local\Temp\KMP_3.2.0.0.exe
C:\Users\user\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\user\AppData\Local\Temp\ose00000.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\_is9368.exe
C:\Users\user\AppData\Local\Temp\{8035CFEF-ED87-403D-B2B3-1B3AC4F63F4E}.exe
Task: {10188DAD-9D09-409B-AA84-B04A0E0D3B51} - \{3E9C3AB0-7E1B-453B-ACF1-9E7D3A9C3CF2} No Task File <==== ATTENTION
Task: {11633187-7D12-425D-B522-FCAFDD803EBF} - \{8135A372-F66F-40F8-A7E5-3BB6DA7C925B} No Task File <==== ATTENTION
Task: {11EE3DA1-8590-4504-BF10-912BE497B1BA} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {40A53FBB-E061-479B-B9D4-E44FFC289454} - \{424F5814-DB60-4CF3-9B51-7B62BA19FCD1} No Task File <==== ATTENTION
Task: {5F0EAE2B-C3ED-4313-8D09-6EEEAF9F6960} - \ASP No Task File <==== ATTENTION
Task: {903A9A2E-5947-4308-95DC-3C6E6B4CE070} - \{B207D4F2-F8AB-4112-BFDA-6D3748233D92} No Task File <==== ATTENTION
Task: {9BB0557B-081A-4990-A97E-3E24A0540BE7} - \{2A9E52BA-4EEB-4FF1-8609-18FBC77DB26B} No Task File <==== ATTENTION
Task: {A533E0E9-6182-456C-B4A8-646D7798D87B} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {AF6A7ABE-8276-4777-A242-2B3314438802} - \{4048651B-4234-482C-9424-4FFB477EADBF} No Task File <==== ATTENTION
Task: {B70049EE-5F46-4822-A7BC-131884F0206D} - \{6DA4BBB2-B2DB-454B-8A67-822B5C8A8E05} No Task File <==== ATTENTION
Task: {BC4A5891-7BFE-4D41-B567-88A83F1FFCF0} - \{377EC171-074D-4970-BFE6-23C0F04A5744} No Task File <==== ATTENTION
Task: {C348D376-53D3-48A3-8425-EE56CF6B9671} - \RtlVistaStart No Task File <==== ATTENTION
Task: {CD6638B0-8C90-4E13-B3B3-7D95B728972F} - \{02F39F95-B57F-4DE9-9953-8D964CC84046} No Task File <==== ATTENTION
Task: {CE7C0DC7-C7DA-4D6A-A8FA-122AE860E9CE} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {E2F612BA-4D54-44CB-87D3-C9572AE119A7} - \{C2EEBF4A-1AB0-4045-8A5E-F998FC799076} No Task File <==== ATTENTION
Task: {F5BE4AF9-33DD-4D85-B834-2854DE65DC2B} - \{957D044B-D697-4596-B231-F9058E290BEB} No Task File <==== ATTENTION
Task: {FB262640-40A9-44A6-AB68-18D357283628} - \{304FB880-94AA-4B60-86FB-819354E8582B} No Task File <==== ATTENTION
Task: {FEC23AC2-BDAD-46B1-98FA-252A4A591564} - \ESTsoft RunAsStdUser 909735Task No Task File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Twol84


Posted 19 February 2015 - 07:33 AM

Yeah I had an issue a few months ago, and tried to dl some AV this time round. Not all of them were executable, though.

 

Fixlog here:

 

Content of fixlist:
*****************
URLSearchHook: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-1219760732-2527639025-2652654918-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1219760732-2527639025-2652654918-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} ->  No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
S3 getbus; \??\C:\Users\user\AppData\Local\Temp\getbus.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S1 SABKUTIL; \??\C:\Users\user\Downloads\SABKUTIL.sys [X]
C:\Users\user\ALZip812.exe
C:\Users\user\Firefox Setup 4.0.1.exe
C:\Users\user\install_flash_player.exe
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpjusk.dll
C:\Users\user\AppData\Local\Temp\HitmanPro.exe
C:\Users\user\AppData\Local\Temp\KMP_3.2.0.0.exe
C:\Users\user\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\user\AppData\Local\Temp\ose00000.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\_is9368.exe
C:\Users\user\AppData\Local\Temp\{8035CFEF-ED87-403D-B2B3-1B3AC4F63F4E}.exe
Task: {10188DAD-9D09-409B-AA84-B04A0E0D3B51} - \{3E9C3AB0-7E1B-453B-ACF1-9E7D3A9C3CF2} No Task File <==== ATTENTION
Task: {11633187-7D12-425D-B522-FCAFDD803EBF} - \{8135A372-F66F-40F8-A7E5-3BB6DA7C925B} No Task File <==== ATTENTION
Task: {11EE3DA1-8590-4504-BF10-912BE497B1BA} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {40A53FBB-E061-479B-B9D4-E44FFC289454} - \{424F5814-DB60-4CF3-9B51-7B62BA19FCD1} No Task File <==== ATTENTION
Task: {5F0EAE2B-C3ED-4313-8D09-6EEEAF9F6960} - \ASP No Task File <==== ATTENTION
Task: {903A9A2E-5947-4308-95DC-3C6E6B4CE070} - \{B207D4F2-F8AB-4112-BFDA-6D3748233D92} No Task File <==== ATTENTION
Task: {9BB0557B-081A-4990-A97E-3E24A0540BE7} - \{2A9E52BA-4EEB-4FF1-8609-18FBC77DB26B} No Task File <==== ATTENTION
Task: {A533E0E9-6182-456C-B4A8-646D7798D87B} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {AF6A7ABE-8276-4777-A242-2B3314438802} - \{4048651B-4234-482C-9424-4FFB477EADBF} No Task File <==== ATTENTION
Task: {B70049EE-5F46-4822-A7BC-131884F0206D} - \{6DA4BBB2-B2DB-454B-8A67-822B5C8A8E05} No Task File <==== ATTENTION
Task: {BC4A5891-7BFE-4D41-B567-88A83F1FFCF0} - \{377EC171-074D-4970-BFE6-23C0F04A5744} No Task File <==== ATTENTION
Task: {C348D376-53D3-48A3-8425-EE56CF6B9671} - \RtlVistaStart No Task File <==== ATTENTION
Task: {CD6638B0-8C90-4E13-B3B3-7D95B728972F} - \{02F39F95-B57F-4DE9-9953-8D964CC84046} No Task File <==== ATTENTION
Task: {CE7C0DC7-C7DA-4D6A-A8FA-122AE860E9CE} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {E2F612BA-4D54-44CB-87D3-C9572AE119A7} - \{C2EEBF4A-1AB0-4045-8A5E-F998FC799076} No Task File <==== ATTENTION
Task: {F5BE4AF9-33DD-4D85-B834-2854DE65DC2B} - \{957D044B-D697-4596-B231-F9058E290BEB} No Task File <==== ATTENTION
Task: {FB262640-40A9-44A6-AB68-18D357283628} - \{304FB880-94AA-4B60-86FB-819354E8582B} No Task File <==== ATTENTION
Task: {FEC23AC2-BDAD-46B1-98FA-252A4A591564} - \ESTsoft RunAsStdUser 909735Task No Task File <==== ATTENTION
*****************

HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => value deleted successfully.
"HKCR\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}" => Key deleted successfully.
HKU\S-1-5-21-1219760732-2527639025-2652654918-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1219760732-2527639025-2652654918-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
getbus => Service deleted successfully.
MSICDSetup => Service deleted successfully.
SABKUTIL => Service deleted successfully.
C:\Users\user\ALZip812.exe => Moved successfully.
C:\Users\user\Firefox Setup 4.0.1.exe => Moved successfully.
C:\Users\user\install_flash_player.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpjusk.dll => Moved successfully.
"C:\Users\user\AppData\Local\Temp\HitmanPro.exe" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\KMP_3.2.0.0.exe" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\SETUP_AFTERBURNER.EXE" => File/Directory not found.
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
"C:\Users\user\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\_is9368.exe" => File/Directory not found.
"C:\Users\user\AppData\Local\Temp\{8035CFEF-ED87-403D-B2B3-1B3AC4F63F4E}.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10188DAD-9D09-409B-AA84-B04A0E0D3B51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10188DAD-9D09-409B-AA84-B04A0E0D3B51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3E9C3AB0-7E1B-453B-ACF1-9E7D3A9C3CF2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11633187-7D12-425D-B522-FCAFDD803EBF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11633187-7D12-425D-B522-FCAFDD803EBF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8135A372-F66F-40F8-A7E5-3BB6DA7C925B}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11EE3DA1-8590-4504-BF10-912BE497B1BA} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40A53FBB-E061-479B-B9D4-E44FFC289454}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40A53FBB-E061-479B-B9D4-E44FFC289454}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{424F5814-DB60-4CF3-9B51-7B62BA19FCD1}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F0EAE2B-C3ED-4313-8D09-6EEEAF9F6960} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{903A9A2E-5947-4308-95DC-3C6E6B4CE070}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{903A9A2E-5947-4308-95DC-3C6E6B4CE070}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B207D4F2-F8AB-4112-BFDA-6D3748233D92}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BB0557B-081A-4990-A97E-3E24A0540BE7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BB0557B-081A-4990-A97E-3E24A0540BE7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A9E52BA-4EEB-4FF1-8609-18FBC77DB26B}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A533E0E9-6182-456C-B4A8-646D7798D87B} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF6A7ABE-8276-4777-A242-2B3314438802}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF6A7ABE-8276-4777-A242-2B3314438802}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4048651B-4234-482C-9424-4FFB477EADBF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B70049EE-5F46-4822-A7BC-131884F0206D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B70049EE-5F46-4822-A7BC-131884F0206D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6DA4BBB2-B2DB-454B-8A67-822B5C8A8E05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC4A5891-7BFE-4D41-B567-88A83F1FFCF0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC4A5891-7BFE-4D41-B567-88A83F1FFCF0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{377EC171-074D-4970-BFE6-23C0F04A5744}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C348D376-53D3-48A3-8425-EE56CF6B9671}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C348D376-53D3-48A3-8425-EE56CF6B9671}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RtlVistaStart" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD6638B0-8C90-4E13-B3B3-7D95B728972F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD6638B0-8C90-4E13-B3B3-7D95B728972F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{02F39F95-B57F-4DE9-9953-8D964CC84046}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE7C0DC7-C7DA-4D6A-A8FA-122AE860E9CE} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2F612BA-4D54-44CB-87D3-C9572AE119A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2F612BA-4D54-44CB-87D3-C9572AE119A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C2EEBF4A-1AB0-4045-8A5E-F998FC799076}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5BE4AF9-33DD-4D85-B834-2854DE65DC2B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5BE4AF9-33DD-4D85-B834-2854DE65DC2B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{957D044B-D697-4596-B231-F9058E290BEB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB262640-40A9-44A6-AB68-18D357283628}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB262640-40A9-44A6-AB68-18D357283628}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{304FB880-94AA-4B60-86FB-819354E8582B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEC23AC2-BDAD-46B1-98FA-252A4A591564}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEC23AC2-BDAD-46B1-98FA-252A4A591564}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ESTsoft RunAsStdUser 909735Task" => Key deleted successfully.

==== End of Fixlog 20:31:09 ====



#8 Oh My!

Posted 19 February 2015 - 10:29 AM

Thanks, can you give me an update on your computer performance?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Posted 22 February 2015 - 09:53 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.


Gary
 

#10 Oh My!

Posted 24 February 2015 - 09:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



