
iexplore exe virus has tied up both laptops Computer 2



#1 Kenterbent


Posted 16 February 2015 - 12:39 PM

Thanks for reviewing my logs - my second computer is in the next post - I have to kill the process just to post... not seeing the attach button for theSSKiller... Kent

Farbar Rec Scan Tool – Dented XPS

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015

Ran by KENT500GB (administrator) on KENT500GB-PC on 15-02-2015 13:49:58

Running from C:\Users\KENT500GB\Desktop\Malware Responce Team

Loaded Profiles: KENT500GB & UpdatusUser (Available profiles: KENT500GB & UpdatusUser)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\psxss.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

( ) C:\Windows\System32\lxdicoms.exe

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe

(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe

(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe

(Dropbox, Inc.) C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe

(Microsoft Corporation) C:\Windows\System32\snmp.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\...\Policies\Explorer: [RestrictRun] 0

HKU\S-1-5-21-381782413-416685821-1044739591-1000\...\Policies\Explorer: [RestrictRun] 0

HKU\S-1-5-21-381782413-416685821-1044739591-1001\...\RunOnce: [Cisco VUSB] => C:\Program Files\CiscoVUSB\CiscoVUSB.exe [634880 2012-03-29] (Cisco Consumer Products LLC)

Startup: C:\Users\KENT500GB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

BootExecute: autocheck autochk * sdnclean64.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-381782413-416685821-1044739591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-381782413-416685821-1044739591-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-381782413-416685821-1044739591-1000 -> {7B66BEF4-EA10-4B99-92DE-7EF8C9D6A5C3} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

SearchScopes: HKU\S-1-5-21-381782413-416685821-1044739591-1000 -> {8A64D544-98BB-C260-590A-335EB1FB0846} URL = http://www.bing.com/search?q={searchTerms}&pc=Z016&form=ZGAIDF

SearchScopes: HKU\S-1-5-21-381782413-416685821-1044739591-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549

FF DefaultSearchEngine: Google

FF Homepage: https://www.google.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npitifffree.dll (Innomage Enterprises, Inc)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()

FF SearchPlugin: C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\4p1vc3rt.default\searchplugins\aol-search.xml

FF SearchPlugin: C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\4p1vc3rt.default\searchplugins\bing-zugo.xml

FF SearchPlugin: C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\4p1vc3rt.default\searchplugins\userlogos.xml

FF SearchPlugin: C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\10amo68p.Default User\searchplugins\aol-search.xml

FF SearchPlugin: C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\10amo68p.Default User\searchplugins\bing-zugo.xml

FF SearchPlugin: C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\10amo68p.Default User\searchplugins\userlogos.xml

FF SearchPlugin: C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.2014NewYears\searchplugins\userlogos.xml

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\hphd5xpo.KEnt 5.2013\Extensions\artur.dubovoy@gmail.com [2014-05-28]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\hphd5xpo.KEnt 5.2013\Extensions\donottrackplus@abine.com [2014-05-28]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\hphd5xpo.KEnt 5.2013\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-05-28]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.2014NewYears\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-01-01]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.2014NewYears\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}(2) [2014-01-01]

FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\artur.dubovoy@gmail.com [2015-02-14]

FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\donottrackplus@abine.com [2014-12-12]

FF Extension: Print pages to PDF - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\printPages2Pdf@reinhold.ripper [2014-06-09]

FF Extension: Youtube MP3 Podcaster - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-02-10]

FF Extension: FEBE - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-01-19]

FF Extension: DownloadHelper - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-12]

FF Extension: Flash and Video Download - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-01-27]

FF Extension: Evernote Web Clipper - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-09-28]

FF Extension: Adblock Plus Pop-up Addon - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\adblockpopups@jessehakanen.net.xpi [2014-08-19]

FF Extension: High Definition Video - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\hdv@vovcacik.addons.mozilla.org.xpi [2014-06-09]

FF Extension: Image and Flash Blocker - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\imgflashblocker@shimon.chohen.xpi [2014-06-09]

FF Extension: Ad-blocker for Gmail - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi [2014-06-09]

FF Extension: Remove Google Tracking - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-06-09]

FF Extension: YouTube™ Flash® Player - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2014-12-26]

FF Extension: My Homepage - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\myhomepage_manishjain9@gmail.com.xpi [2015-02-14]

FF Extension: Add Google Search To New Tab Page - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\newtabgoogle@graememcc.co.uk.xpi [2015-02-14]

FF Extension: QuickPasswords - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\QuickPasswords@axelg.com.xpi [2014-06-09]

FF Extension: Silent Block - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\SilentBlock@schuzak.jp.xpi [2014-06-09]

FF Extension: Video WithOut Flash - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\vwof@drev.com.xpi [2014-06-09]

FF Extension: Screengrab  (fix version) - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2014-12-17]

FF Extension: Malware Search - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2014-07-31]

FF Extension: Gmail Manager - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2014-06-09]

FF Extension: New Tab Homepage - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-02-14]

FF Extension: Flash Block - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2014-06-09]

FF Extension: Ads no more - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi [2014-06-09]

FF Extension: FirefoxAdKiller - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2014-06-09]

FF Extension: QuickJava - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-12-17]

FF Extension: YouTube Flash Video Player - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\ivgv2q7n.default-1400727238549\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2014-12-26]

FF Extension: Flash Video Downloader - Full HD Download - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\artur.dubovoy@gmail.com [2014-05-30]

FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\donottrackplus@abine.com [2014-05-30]

FF Extension: Print pages to PDF - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\printPages2Pdf@reinhold.ripper [2014-05-30]

FF Extension: Bullguard Virus Scan - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\virusscan@bullguard.com [2014-05-30]

FF Extension: Youtube MP3 Podcaster - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2014-05-30]

FF Extension: YouTube Unblocker - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\youtubeunblocker@unblocker.yt [2014-05-30]

FF Extension: FEBE - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-05-30]

FF Extension: DownloadHelper - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-30]

FF Extension: Flash and Video Download - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-05-30]

FF Extension: Evernote Web Clipper - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-30]

FF Extension: High Definition Video - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\hdv@vovcacik.addons.mozilla.org.xpi [2014-05-30]

FF Extension: Image and Flash Blocker - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\imgflashblocker@shimon.chohen.xpi [2014-05-30]

FF Extension: Ad-blocker for Gmail - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi [2014-05-30]

FF Extension: Remove Google Tracking - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\multirevenue@googlemail.com.xpi [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\mytube@ashishmishra.in.xpi [2014-05-30]

FF Extension: QuickPasswords - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\QuickPasswords@axelg.com.xpi [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\readable@evernote.com.xpi [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\SilentBlock@schuzak.jp.xpi [2014-05-30]

FF Extension: Media Stealer - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\stealer@physacco.com.xpi [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\vwof@drev.com.xpi [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-05-30]

FF Extension: Flash Block - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2014-05-30]

FF Extension: Ads no more - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi [2014-05-30]

FF Extension: FirefoxAdKiller - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-05-30]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-05-30]

FF Extension: JavaScript Options - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.may 30\Extensions\{cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d}.xpi [2014-05-30]

FF Extension: Flash Video Downloader - Full HD Download - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\artur.dubovoy@gmail.com [2014-07-19]

FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\donottrackplus@abine.com [2014-07-19]

FF Extension: Print pages to PDF - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\printPages2Pdf@reinhold.ripper [2014-07-19]

FF Extension: Youtube MP3 Podcaster - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2014-07-19]

FF Extension: YouTube Unblocker - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\youtubeunblocker@unblocker.yt [2014-07-19]

FF Extension: FEBE - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-07-19]

FF Extension: DownloadHelper - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-19]

FF Extension: Evernote Web Clipper - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-07-19]

FF Extension: Adblock Plus Pop-up Addon - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\adblockpopups@jessehakanen.net.xpi [2014-07-19]

FF Extension: High Definition Video - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\hdv@vovcacik.addons.mozilla.org.xpi [2014-07-19]

FF Extension: Image and Flash Blocker - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\imgflashblocker@shimon.chohen.xpi [2014-07-19]

FF Extension: Ad-blocker for Gmail - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi [2014-07-19]

FF Extension: Remove Google Tracking - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-07-19]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi [2014-07-19]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\multirevenue@googlemail.com.xpi [2014-07-19]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\mytube@ashishmishra.in.xpi [2014-07-19]

FF Extension: QuickPasswords - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\QuickPasswords@axelg.com.xpi [2014-07-19]

FF Extension: Silent Block - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\SilentBlock@schuzak.jp.xpi [2014-07-19]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\vwof@drev.com.xpi [2014-07-19]

FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2014-07-19]

FF Extension: Gmail Manager - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2014-07-19]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-19]

FF Extension: Flash Block - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2014-07-19]

FF Extension: Ads no more - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi [2014-07-19]

FF Extension: FirefoxAdKiller - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2014-07-19]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-07-19]

FF Extension: No Name - C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.KCB7.19.14\Extensions\{cdbbb3f6-a50e-4b20-a154-5fcbb3bbf43d}.xpi [2014-07-19]

FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2015-01-27]

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-27]

FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-05-03]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-08]

 

Chrome:

=======

CHR Profile: C:\Users\KENT500GB\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (RealDownloader) - C:\Users\KENT500GB\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-20]

CHR Extension: (Google Wallet) - C:\Users\KENT500GB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-11-08] (SUPERAntiSpyware.com)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 lxdi_device; C:\Windows\system32\lxdicoms.exe [876976 2007-06-11] ( )

R2 lxdi_device; C:\Windows\SysWOW64\lxdicoms.exe [517040 2007-06-11] ( )

R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)

R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)

R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)

R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)

R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 nvsvc; No ImagePath

S2 SDScannerService; No ImagePath

S2 SDUpdateService; No ImagePath

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)

S3 catchme; No ImagePath

S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [18456 2011-03-07] (HandSet Incorporated)

R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)

R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)

R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)

R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)

R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)

R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)

R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)

R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)

R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)

R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)

R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)

R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)

R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)

R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)

R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)

R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)

R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)

R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)

R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)

R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)

R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)

R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)

R3 PsxDrv; C:\Windows\System32\drivers\psxdrv.sys [10240 2009-07-13] (Microsoft Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [302296 2012-06-19] (silex technology, Inc.)

R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [129304 2011-03-07] (ZTE Incorporated)

S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129304 2011-03-07] (ZTE Incorporated)

S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [129304 2011-03-07] (ZTE Incorporated)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-15 13:48 - 2015-02-15 13:50 - 00000000 ____D () C:\FRST

2015-02-15 13:26 - 2015-02-15 13:27 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\KENT500GB\Downloads\tdsskiller.exe

2015-02-15 13:25 - 2015-02-15 13:49 - 00000000 ____D () C:\Users\KENT500GB\Desktop\Malware Responce Team

2015-02-15 13:24 - 2015-02-15 13:24 - 02085888 _____ (Farbar) C:\Users\KENT500GB\Downloads\FRST64.exe

2015-02-15 12:31 - 2015-02-15 12:32 - 00000000 ____D () C:\Users\KENT500GB\Desktop\Second SCREEN Hold

2015-02-15 12:29 - 2015-02-15 12:31 - 00000000 ____D () C:\Users\KENT500GB\Desktop\FAT FOLDER HOLD

2015-02-15 12:24 - 2015-02-15 12:24 - 00000056 _____ () C:\Windows\setupact.log

2015-02-15 12:24 - 2015-02-15 12:24 - 00000000 _____ () C:\Windows\setuperr.log

2015-02-14 23:07 - 2015-02-14 23:07 - 00000000 ____D () C:\Users\KENT500GB\Documents\ProcAlyzer Dumps

2015-02-14 17:28 - 2015-02-14 17:28 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2015-02-14 17:27 - 2015-02-14 19:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-02-14 17:27 - 2015-02-14 17:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-02-14 17:27 - 2015-02-14 17:27 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2015-02-14 17:27 - 2015-02-14 17:27 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2015-02-14 17:27 - 2015-02-14 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2015-02-14 17:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2015-02-14 17:24 - 2015-02-14 21:03 - 00003022 _____ () C:\Windows\System32\Tasks\{3F394048-E16E-4CF9-B90E-D78611C49531}

2015-02-14 17:23 - 2015-02-14 21:03 - 00003022 _____ () C:\Windows\System32\Tasks\{17586952-B820-4B18-ADEB-7051A8B16110}

2015-02-14 17:09 - 2015-02-14 17:11 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\KENT500GB\Downloads\spybot-2.4.exe

2015-02-14 03:54 - 2015-02-14 21:20 - 00000000 ___SD () C:\32788R22FWJFW

2015-02-13 23:03 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-02-13 23:03 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-02-13 23:03 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-02-13 23:03 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-02-13 04:11 - 2015-02-13 04:11 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2015-02-13 03:41 - 2015-02-13 03:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2015-02-13 03:41 - 2015-02-13 03:41 - 00000000 ____D () C:\Program Files\HitmanPro

2015-02-13 03:40 - 2015-02-13 04:11 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-02-13 03:39 - 2015-02-13 03:39 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\KENT500GB\Downloads\avira_en_av___ws.exe

2015-02-13 02:38 - 2015-02-13 02:39 - 11227888 _____ (SurfRight B.V.) C:\Users\KENT500GB\Downloads\HitmanPro_x64.exe

2015-02-12 20:48 - 2015-02-12 21:40 - 00000000 ____D () C:\Users\KENT500GB\Desktop\Profile .crowd pleaser

2015-02-12 14:05 - 2015-02-12 23:06 - 736014554 _____ () C:\Users\KENT500GB\Downloads\Womb Raider (2003) by Jonghea.avi

2015-02-12 13:08 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-02-12 13:08 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-02-12 13:08 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-02-12 13:08 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-02-12 13:08 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-02-12 13:08 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-02-12 13:08 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-02-12 13:08 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-02-12 13:08 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-02-12 13:08 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-02-12 13:08 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-02-12 13:08 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-02-12 13:08 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-02-12 13:08 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-02-12 13:08 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-02-12 13:07 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-02-12 13:07 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-02-12 13:07 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-02-12 13:07 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-02-12 13:07 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-02-12 13:07 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-02-12 13:07 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-02-12 13:07 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-02-12 13:07 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-02-12 13:07 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-02-12 13:07 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-02-12 13:07 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-02-12 13:07 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-02-12 13:07 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-02-12 13:07 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-02-12 13:07 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-02-12 13:07 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-02-12 13:07 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-02-12 13:07 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-02-12 13:07 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-02-12 13:07 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-02-12 13:07 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-02-12 13:07 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-02-12 13:07 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-02-12 13:07 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-02-12 13:07 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-02-12 13:07 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-02-12 13:07 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-02-12 13:07 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-02-12 13:07 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-02-12 13:07 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-02-12 13:07 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-02-12 13:07 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-02-12 13:07 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-02-12 13:07 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-02-12 13:07 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-02-12 13:07 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-02-12 13:06 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-02-12 13:06 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-02-12 13:06 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-02-12 13:06 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-02-12 13:06 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-02-12 13:06 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-02-12 13:06 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-02-12 13:06 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-02-12 13:06 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-02-12 13:06 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-02-12 13:06 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-02-12 13:06 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-02-12 13:06 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-02-12 13:06 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-02-12 13:06 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-02-12 13:06 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-02-12 13:06 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-02-12 13:06 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-02-12 13:04 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-02-12 13:04 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-02-12 13:03 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-02-12 13:03 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-02-12 13:03 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-02-12 13:03 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-02-12 13:03 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-02-12 13:03 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-02-12 13:03 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-02-12 13:03 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-02-12 13:03 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-02-12 13:03 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-02-12 13:03 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-02-12 13:03 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-02-12 13:03 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-02-12 13:03 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-02-12 13:02 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-02-12 13:02 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-02-12 13:02 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-02-12 13:02 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-02-12 13:02 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-02-12 13:02 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-02-12 13:02 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-02-12 13:02 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

2015-02-12 13:02 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll

2015-02-12 12:56 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-02-12 12:46 - 2015-02-12 13:51 - 00000394 ____H () C:\Windows\Tasks\{263F678B-416F-4143-B486-28A098F93A23}.job

2015-02-12 12:46 - 2015-02-12 12:47 - 00003250 _____ () C:\Windows\System32\Tasks\{263F678B-416F-4143-B486-28A098F93A23}

2015-02-12 11:56 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys

2015-02-12 11:55 - 2015-02-12 11:55 - 00000000 ____D () C:\Users\KENT500GB\AppData\Roaming\Panda Security

2015-02-12 11:54 - 2015-02-12 11:55 - 00000000 ____D () C:\Program Files (x86)\Panda Security

2015-02-12 11:54 - 2015-02-12 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2015

2015-02-12 11:51 - 2015-02-12 11:55 - 00000000 ____D () C:\ProgramData\Panda Security

2015-02-12 11:51 - 2015-02-12 11:51 - 01029224 _____ () C:\Users\KENT500GB\Downloads\PANDAAP15.exe

2015-02-10 22:25 - 2015-02-10 22:25 - 05237794 _____ () C:\Users\KENT500GB\Downloads\IMG_0614(1).MOV

2015-02-10 10:40 - 2015-02-10 10:40 - 05237794 _____ () C:\Users\KENT500GB\Downloads\IMG_0614.MOV

2015-02-09 13:15 - 2015-02-09 13:36 - 693922142 _____ () C:\Users\KENT500GB\Downloads\Adobe.Acrobat.Pro.X.v10.1.Multilenguaje.Incl.Keymaker.MUNDOMANUALES.COM.rar

2015-02-08 23:29 - 2015-02-08 23:29 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk

2015-02-08 23:29 - 2015-02-08 23:29 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk

2015-02-08 23:29 - 2015-02-08 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2

2015-02-06 23:22 - 2015-02-06 23:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf

2015-02-06 22:24 - 2015-02-06 22:24 - 00000000 ____D () C:\Users\KENT500GB\Desktop\Temp2_1995pictures.zip

2015-02-06 21:47 - 2015-02-06 21:47 - 11649400 _____ () C:\Users\KENT500GB\Downloads\1995pictures.zip

2015-02-06 16:11 - 2015-02-06 16:22 - 00000000 ____D () C:\Users\KENT500GB\Downloads\The Woman in Black (2012) [DVDRip - steven80]

2015-02-05 18:10 - 2015-02-05 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

2015-02-05 18:10 - 2015-02-05 18:10 - 00000000 ____D () C:\Program Files\7-Zip

2015-02-05 18:09 - 2015-02-05 18:09 - 01513472 _____ () C:\Users\KENT500GB\Downloads\7z938-x64.msi

2015-02-03 14:48 - 2015-02-11 14:10 - 00000000 ____D () C:\Users\KENT500GB\Documents\Party 2015

2015-02-03 13:35 - 2015-02-05 16:33 - 00000000 ____D () C:\Users\KENT500GB\Documents\Bob Welch Obit

2015-02-03 13:35 - 2015-02-03 13:35 - 00000000 ____D () C:\Users\Public\Documents\Bob Welch Obit

2015-01-27 13:28 - 2015-02-14 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-01-26 22:14 - 2015-01-26 22:32 - 621176832 _____ () C:\Users\KENT500GB\Downloads\ubcd533.iso

2015-01-26 19:22 - 2015-01-26 19:22 - 00000284 _____ () C:\Users\KENT500GB\Desktop\Up Next The World's Most Complete List of Windows Commands Command Line Reference.URL

2015-01-25 23:13 - 2015-02-15 12:18 - 00001412 _____ () C:\Users\KENT500GB\Desktop\Rkill.txt

2015-01-25 22:28 - 2015-02-14 04:14 - 00000000 ____D () C:\AdwCleaner

2015-01-25 22:07 - 2015-01-25 23:15 - 00000000 ____D () C:\Users\KENT500GB\Documents\Computer Rescue Log Files

2015-01-25 22:02 - 2015-01-25 22:02 - 00038476 _____ () C:\ComboFix.txt

2015-01-25 21:35 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-01-25 21:35 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-01-25 21:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-01-25 21:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-01-25 21:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-01-25 21:35 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

2015-01-25 21:35 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

2015-01-25 21:35 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

2015-01-25 21:33 - 2015-01-25 22:03 - 00000000 ____D () C:\Qoobox

2015-01-25 21:33 - 2015-01-25 21:59 - 00000000 ____D () C:\Windows\erdnt

2015-01-25 20:08 - 2015-01-25 20:08 - 00023430 _____ () C:\Users\KENT500GB\Desktop\dds.txt

2015-01-25 20:08 - 2015-01-25 20:08 - 00010492 _____ () C:\Users\KENT500GB\Desktop\attach.txt

2015-01-25 18:54 - 2015-02-15 12:28 - 00000000 ___RD () C:\Users\KENT500GB\Desktop\downloaded Programs on HOLD

2015-01-24 18:45 - 2015-01-24 18:48 - 00001220 _____ () C:\Users\KENT500GB\Desktop\FixExec.txt

2015-01-22 22:31 - 2015-01-22 22:31 - 00000000 ____D () C:\Users\KENT500GB\AppData\Roaming\14943

2015-01-20 13:12 - 2015-01-27 13:01 - 00000000 ____D () C:\Users\KENT500GB\Documents\Family Notes 2015

2015-01-19 13:43 - 2015-01-19 13:43 - 00000000 ____D () C:\Users\KENT500GB\Documents\New folder

2015-01-18 21:43 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-18 21:43 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-18 21:43 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-18 21:42 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-18 21:42 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

 

==================== One Month Modified Files and Folders =======

 

Said my post was too long, must have done something wrong(?)- so I cut it in half -Kent




#2 Kenterbent


Posted 16 February 2015 - 12:43 PM

Start part 2
 
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 13:36 - 2014-10-14 11:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 13:18 - 2012-12-05 16:18 - 00000000 ____D () C:\Users\KENT500GB\Documents\the IN thing
2015-02-15 12:29 - 2014-04-16 17:24 - 01998243 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 12:26 - 2014-04-16 19:27 - 00000000 ____D () C:\Users\KENT500GB\AppData\Roaming\Dropbox
2015-02-15 12:26 - 2011-06-07 08:20 - 00000000 ___RD () C:\Users\KENT500GB\Dropbox
2015-02-15 12:24 - 2014-04-16 16:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-15 12:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 01:01 - 2014-04-25 19:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-14 23:03 - 2014-09-25 22:22 - 00000000 ____D () C:\Unified_Android_ToolKit
2015-02-14 21:37 - 2014-10-14 11:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 21:05 - 2013-03-19 23:55 - 00000000 ____D () C:\Users\KENT500GB\Documents\C Cleaner Registry Backups
2015-02-14 21:03 - 2014-10-28 21:03 - 00002960 _____ () C:\Windows\System32\Tasks\{ED37CF1B-7145-47F3-AE71-6F9E58B68F61}
2015-02-14 21:03 - 2014-10-14 11:48 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-14 20:03 - 2014-04-16 19:56 - 00000000 ___RD () C:\Users\KENT500GB\Desktop\Unused Icons
2015-02-14 20:03 - 2014-04-16 19:56 - 00000000 ___RD () C:\Users\KENT500GB\Desktop\Maintenence
2015-02-14 20:03 - 2014-04-16 19:23 - 00000000 ____D () C:\Users\KENT500GB\AppData\Roaming\BitTorrent
2015-02-14 20:03 - 2014-01-14 13:17 - 00000000 ___RD () C:\Users\KENT500GB\Desktop\Desktop Icons HOLD
2015-02-14 15:54 - 2009-07-14 00:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-14 03:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-14 02:42 - 2009-07-14 00:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-14 02:34 - 2014-11-28 11:14 - 00000000 ____D () C:\ProgramData\SUPERSetup
2015-02-13 23:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 19:33 - 2009-07-13 23:45 - 00017296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 19:33 - 2009-07-13 23:45 - 00017296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-13 17:50 - 2014-12-27 15:23 - 00000000 ____D () C:\Users\KENT500GB\Downloads\Galaxy S 3 repair vids
2015-02-13 15:23 - 2014-09-10 11:02 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-13 15:10 - 2012-12-20 20:31 - 00000000 ____D () C:\Users\KENT500GB\Documents\Collin Compillation of Papers
2015-02-13 05:29 - 2014-04-23 20:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-13 03:14 - 2014-04-23 20:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-13 03:14 - 2014-04-23 20:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-13 03:14 - 2014-04-23 20:41 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-12 23:14 - 2014-04-16 19:28 - 00000000 ____D () C:\Users\KENT500GB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 23:14 - 2011-06-07 08:17 - 00001033 _____ () C:\Users\KENT500GB\Desktop\Dropbox.lnk
2015-02-12 19:13 - 2013-02-19 09:32 - 00000000 ____D () C:\Users\KENT500GB\Documents\Kent Song Lyrics
2015-02-12 13:50 - 2009-07-13 23:45 - 04981464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 13:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 13:44 - 2014-04-24 08:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 13:38 - 2014-04-16 15:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 13:11 - 2014-04-16 15:58 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 11:55 - 2014-04-16 15:04 - 00115736 _____ () C:\Users\KENT500GB\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-12 11:31 - 2013-06-22 17:13 - 00000000 ____D () C:\Users\KENT500GB\Documents\COMPUTER Repair Upgrade KCB
2015-02-11 12:58 - 2014-04-16 14:53 - 00000000 ____D () C:\Users\KENT500GB
2015-02-09 13:02 - 2014-08-19 08:06 - 00000000 ____D () C:\Users\KENT500GB\AppData\Local\Adobe
2015-02-09 13:02 - 2014-05-03 20:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-07 15:09 - 2014-07-27 10:16 - 00000000 ____D () C:\Users\KENT500GB\Documents\Kent Medical 2014
2015-02-07 14:52 - 2013-06-22 09:02 - 00000000 ____D () C:\Users\KENT500GB\Documents\KEnt Storys
2015-02-05 18:11 - 2013-11-24 16:25 - 00000000 ____D () C:\Users\KENT500GB\Documents\American Curves - Sex Addiction Shocker (Winter 2012) --- HFM
2015-02-04 13:31 - 2014-10-14 11:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-27 21:29 - 2012-11-03 11:32 - 00000000 ____D () C:\Users\KENT500GB\Documents\Kent the Zen Master
2015-01-27 17:18 - 2014-07-19 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 12:19 - 2014-10-14 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 22:58 - 2014-12-13 23:09 - 00000000 ____D () C:\Users\KENT500GB\Downloads\Tommy (1975)
2015-01-26 22:58 - 2014-12-05 22:29 - 00000000 ____D () C:\Users\KENT500GB\Downloads\Comedy - Allan Sherman - My Son The Box
2015-01-26 22:58 - 2014-12-04 12:00 - 00000000 ____D () C:\Users\KENT500GB\Downloads\StudentSexFriends - Episode 13
2015-01-26 22:58 - 2014-10-28 12:57 - 00000000 ____D () C:\Users\KENT500GB\Downloads\DNG_Camera_Raw_5_1
2015-01-26 22:58 - 2014-10-24 10:30 - 00000000 ____D () C:\Users\KENT500GB\Downloads\22 Immutable Laws of Branding - Al Ries [PDF] [Qwerty80]
2015-01-26 22:58 - 2014-09-15 20:47 - 00000000 ____D () C:\Users\KENT500GB\Downloads\Iron Butterfly - 7CD Discography
2015-01-26 22:58 - 2014-08-20 20:40 - 00000000 ____D () C:\Users\KENT500GB\Downloads\Dell XPS M1530 64 bit Windows Vista or Windows 7 Upgrade Drivers and Firmware _ Technology _ All-Pages_files
2015-01-26 22:58 - 2014-08-08 22:43 - 00000000 ____D () C:\Users\KENT500GB\Downloads\Bikini Beach Balls
2015-01-26 22:58 - 2014-08-01 20:26 - 00000000 ____D () C:\Users\KENT500GB\Downloads\fourier
2015-01-26 22:58 - 2014-08-01 09:29 - 00000000 ____D () C:\Users\KENT500GB\Downloads\One Direction - Discography [2011-2013] [Mp3-320]-V3nom [GLT]
2015-01-26 22:58 - 2014-05-14 13:20 - 00000000 ____D () C:\Users\KENT500GB\Downloads\Calendar fix 2
2015-01-26 22:58 - 2014-05-14 13:16 - 00000000 ____D () C:\Users\KENT500GB\Downloads\kentnek3000@gmail.com.ical
2015-01-26 22:58 - 2014-05-06 20:14 - 00000000 ____D () C:\Users\KENT500GB\Downloads\QuickBooks Pro 2014
2015-01-26 22:58 - 2014-05-05 17:26 - 00000000 ____D () C:\Users\KENT500GB\Downloads\FL Studio Producer Edition 11.1.0 Final R2R [ChingLiu]
2015-01-26 22:58 - 2014-05-05 17:25 - 00000000 ____D () C:\Users\KENT500GB\Downloads\FL STUDIO Signature Bundle v11.5.8 Alpha Incl. Patch-REiS [deepstatus]
2015-01-26 22:58 - 2014-05-05 17:23 - 00000000 ____D () C:\Users\KENT500GB\Downloads\FL Studio Producer Edition 11.0.3 Final R2R [ChingLiu]
2015-01-26 22:58 - 2014-05-02 10:45 - 00000000 ____D () C:\Users\KENT500GB\Downloads\mirrorscript
2015-01-26 22:58 - 2014-04-04 12:17 - 00000000 ____D () C:\Users\KENT500GB\Downloads\40 Woodette pl
2015-01-26 22:58 - 2014-03-20 20:57 - 00000000 ____D () C:\Users\KENT500GB\Downloads\Andrew Long Facebook
2015-01-26 22:58 - 2013-12-07 13:17 - 00000000 ____D () C:\Users\KENT500GB\Downloads\FW_EA3500_1.1.39.145204.SSA(1)
2015-01-25 22:34 - 2013-05-22 01:30 - 00000000 ____D () C:\Users\KENT500GB\AppData\Roaming\CheckPoint
2015-01-25 22:03 - 2014-11-14 22:50 - 00000000 ____D () C:\Users\KENTNEK
2015-01-25 22:03 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-01-25 21:53 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-25 21:51 - 2009-07-13 21:34 - 78118912 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-25 21:51 - 2009-07-13 21:34 - 16252928 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-25 21:51 - 2009-07-13 21:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-25 21:51 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-25 21:51 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-24 19:52 - 2015-01-12 20:50 - 00000000 ____D () C:\Users\KENT500GB\Desktop\Stanley Burlingame Jan 2015
2015-01-24 18:42 - 2013-02-04 10:50 - 00000000 ____D () C:\Users\KENT500GB\Documents\BOY SCOUTS
2015-01-22 23:58 - 2012-10-13 13:00 - 00000000 ____D () C:\Users\KENT500GB\Documents\My KEEN shoes
2015-01-18 21:43 - 2014-09-23 17:31 - 00000000 ____D () C:\Users\KENT500GB\Documents\DVDFab9
2015-01-18 14:11 - 2014-09-05 11:13 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-18 14:09 - 2014-09-05 11:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-17 18:22 - 2014-09-12 13:28 - 00000000 ____D () C:\Users\KENT500GB\Documents\39 Woodette pl
2015-01-17 17:04 - 2014-04-21 21:54 - 00000000 ____D () C:\Windows\pss
2015-01-17 17:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-17 17:00 - 2013-03-21 20:36 - 00000000 ____D () C:\Users\KENT500GB\AppData\Local\CRE
2015-01-17 15:31 - 2014-08-02 12:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 14:32 - 2014-04-16 19:20 - 00000000 ____D () C:\Users\KENT500GB\AppData\Roaming\TeraCopy
2015-01-17 14:32 - 2009-07-14 02:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-17 14:25 - 2012-06-19 10:37 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.6
 
==================== Files in the root of some directories =======
 
2009-07-13 23:41 - 2009-07-13 23:41 - 0000174 ___SH () C:\Program Files (x86)\desktop (1).ini
2014-02-15 10:34 - 2014-02-15 10:34 - 0003719 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2011-09-18 14:44 - 2011-09-18 14:44 - 0000272 _____ () C:\Users\KENT500GB\AppData\Roaming\.backup.dm
2011-08-12 10:38 - 2014-12-05 09:53 - 0000231 _____ () C:\Users\KENT500GB\AppData\Roaming\default.rss
2012-04-30 11:42 - 2012-04-30 11:42 - 0000000 _____ () C:\Users\KENT500GB\AppData\Roaming\downloads.m3u
2010-03-01 22:07 - 2011-12-10 23:24 - 0087608 _____ () C:\Users\KENT500GB\AppData\Roaming\inst.exe
2010-03-01 22:07 - 2011-12-10 23:24 - 0007887 _____ () C:\Users\KENT500GB\AppData\Roaming\pcouffin.cat
2010-03-01 22:07 - 2011-12-10 23:24 - 0001144 _____ () C:\Users\KENT500GB\AppData\Roaming\pcouffin.inf
2010-03-01 22:08 - 2011-12-10 23:24 - 0000055 _____ () C:\Users\KENT500GB\AppData\Roaming\pcouffin.log
2010-03-01 22:07 - 2011-12-10 23:24 - 0047360 _____ (VSO Software) C:\Users\KENT500GB\AppData\Roaming\pcouffin.sys
2014-09-07 23:15 - 2014-09-07 23:42 - 0000000 _____ () C:\Users\KENT500GB\AppData\Local\Actions.txt
2014-10-06 22:49 - 2014-10-06 22:52 - 0001456 _____ () C:\Users\KENT500GB\AppData\Local\Adobe Save for Web 12.0 Prefs
2010-08-19 16:19 - 2012-04-04 11:27 - 0007680 _____ () C:\Users\KENT500GB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-07 20:31 - 2014-09-07 23:42 - 0000623 _____ () C:\Users\KENT500GB\AppData\Local\Easy ShutDown.txt
2010-04-10 22:34 - 2013-07-31 22:21 - 0007626 _____ () C:\Users\KENT500GB\AppData\Local\resmon.resmoncfg
2011-04-29 09:52 - 2011-04-29 09:52 - 0000000 _____ () C:\Users\KENT500GB\AppData\Local\{23A9D7B8-6D0F-48E9-A79F-BD9B3D68A0FB}
 
Files to move or delete:
====================
C:\Windows\Tasks\{263F678B-416F-4143-B486-28A098F93A23}.job
 
 
Some content of TEMP:
====================
C:\Users\KENT500GB\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpls1mfl.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-13 04:34
 
==================== End Of Log ============================
 
*
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by KENT500GB at 2015-02-15 13:51:17
Running from C:\Users\KENT500GB\Desktop\Malware Responce Team
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Antivirus Pro 2015 (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Antivirus Pro 2015 (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Panda Firewall (Enabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"Nero SoundTrax Help (x32 Version: 4.0.15.0 - Nero AG) Hidden
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.1.369 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AML Free Registry Cleaner 4.25 (HKLM-x32\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version:  - AML SOFT, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - )
BitTorrent (HKU\S-1-5-21-381782413-416685821-1044739591-1000\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco VUSB (HKLM\...\Cisco VUSB) (Version: 1.0.0 - Cisco Consumer Products LLC)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-381782413-416685821-1044739591-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
DVDFab 9.1.7.6 (28/11/2014) (HKLM-x32\...\DVDFab 9 US_is1) (Version:  - Fengtao Software Inc.)
Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
Excel Invoice Manager 2.23.1026 (HKLM-x32\...\Excel Invoice Manager_is1) (Version: 2.23.1026 - OFFICE-KIT.COM)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
FreeCAD 0.13 (HKLM-x32\...\{2B2B5D2B-0F01-410B-843B-8F437FD75FBF}) (Version: 0.13.1828 - Juergen Riegel (FreeCAD@juergen-riegel.net))
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.236 - SurfRight B.V.)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Juice 2.2 (HKLM-x32\...\Juice) (Version: 2.2 - Juice Team)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Keyboard Lock Status (HKLM-x32\...\{144A1586-E16C-448D-910D-E12ACD65DD98}) (Version: 1.00.0000 - Logitech)
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
Lexmark 3500-4500 Series (HKLM\...\Lexmark 3500-4500 Series) (Version:  - Lexmark International, Inc.)
Magic ISO Maker v5.4 (build 0251) (HKLM-x32\...\Magic ISO Maker v5.4 (build 0251)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.9 - Marvell)
Menu Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-381782413-416685821-1044739591-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Templates - Starter Kit (x32 Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM-x32\...\{f08a1710-6767-4fd8-b2fb-5aac8f8a8e3c}) (Version:  - Nero AG)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Panda Antivirus Pro 2015 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Antivirus Pro 2015 (Version: 7.23.00.0000 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - REALTEK Semiconductor Corp.)
RICOH Media Driver ver.2.07.01.04 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.04 - RICOH)
RICOH R5C83x/84x Media Driver Ver.3.53.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.53.02 - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Should I Remove It (HKU\S-1-5-21-381782413-416685821-1044739591-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Simple Shutdown Timer (HKLM-x32\...\Simple Shutdown Timer1.1.2) (Version: 1.1.2 - PcWinTech.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SoundTrax (x32 Version: 4.0.18.0 - Nero AG) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPER © v2014.build.61+Recorder (2014/06/19) version v2014.buil (HKLM-x32\...\{8E2A18E2-96AF-8549-4DE7-5C06B75719A4}_is1) (Version: v2014.build.61+Recorder - eRightSoft)
SUPER © v2014.build.63+Recorder (2014/11/27) version v2014.buil (HKLM-x32\...\{8E2A19E2-96BF-8659-4DA7-5C06C90719A4}_is1) (Version: v2014.build.63+Recorder - eRightSoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
USB Scale PC Program Version 1.10 (HKLM-x32\...\USB Scale PC Program_is1) (Version: 1.1.0 - Xiamen Elane Electronics Company Ltd.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
ZTE Handset USB Driver 5.2066.1.8 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.8 - ZTE Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\KENT500GB\AppData\Roaming\moters\supna.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\KENT500GB\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\KENT500GB\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\KENT500GB\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\KENT500GB\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\KENT500GB\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
13-02-2015 04:10:54 Checkpoint by HitmanPro
13-02-2015 23:03:40 Windows Update
14-02-2015 21:10:09 AML Registry Cleaner
14-02-2015 21:11:19 AML Registry Cleaner
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-02-08 23:17 - 00005124 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
0.0.0.0       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
 
There are 82 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01A45FE7-CD39-40F0-938D-048F87201FD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {0EF89C63-E2BE-4662-9C45-DCED5D6A7DC6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {2A79C66A-04B5-4972-9B75-44FD03BDB21A} - System32\Tasks\{35056329-CCEF-4179-BB4B-3AA0136AE01D} => pcalua.exe -a C:\Users\KENT500GB\Downloads\wlsetup-web(2).exe -d C:\Users\KENT500GB\Downloads
Task: {2B31F6C1-C18C-44AC-A94E-EF54D83EC440} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-23] ()
Task: {2FC86AD8-0C1B-404B-AEA9-4D5F57F2DD96} - System32\Tasks\{263F678B-416F-4143-B486-28A098F93A23} => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe [2014-10-13] (Panda Security, S.L.)
Task: {335538DE-762B-4C05-8AC5-E80C617BA3F0} - System32\Tasks\{39C1B9DC-170F-46D5-9D7A-F8CADEEE8E86} => pcalua.exe -a C:\Users\KENT500GB\Downloads\wlsetup-web(1).exe -d C:\Users\KENT500GB\Downloads
Task: {3FE2921C-C4E9-4E14-B6AE-C3247613E8AC} - System32\Tasks\AdobeAAMUpdater-1.0-KENT500GB-PC-KENT500GB => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {40918783-50A8-4DAE-B593-44D3CCF660A6} - System32\Tasks\{3F394048-E16E-4CF9-B90E-D78611C49531} => C:\Users\KENT500GB\Desktop\downloaded Programs on HOLD\spybot-2.4.exe [2015-02-14] ()
Task: {409E8143-2E42-4CD2-886B-D6466BEF2CB6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {5A41420A-DCB6-4146-9C65-9A488D1DBAE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {7AF883B8-70DD-4C05-B78C-87CE60A7AB34} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {7B6B7C74-F9A0-45A4-8786-29BCA43D199D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-23] ()
Task: {8973C575-0464-480B-B836-ACBE89FF5319} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C2F660EA-3443-4B7A-95CC-C56A8527F8E4} - System32\Tasks\{729B7C31-5BE2-45BF-8BC8-A2309E5248ED} => C:\Program Files (x86)\Juice\Juice.exe [2005-11-11] ()
Task: {C571B65B-C6F0-40FF-8AB0-4AC008F42354} - System32\Tasks\{D34DB9BE-795C-4F56-A230-8433A78AAEB8} => pcalua.exe -a "C:\Users\KENT500GB\Desktop\USB scale Program\Uninstall USB scale Prog\unins000.exe" -d "C:\Users\KENT500GB\Desktop\USB scale Program\Uninstall USB scale Prog"
Task: {CAB9DB41-5B43-4A9A-AAF6-660BBAA99B38} - System32\Tasks\{ED37CF1B-7145-47F3-AE71-6F9E58B68F61} => C:\Program Files (x86)\Juice\Juice.exe [2005-11-11] ()
Task: {CCD0E00C-F1EB-4BE2-98BC-22831DFD4191} - System32\Tasks\NeroLiveEpgUpdate-KENT500GB-PC_KENT500GB => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18] (Nero AG)
Task: {CD849900-BB37-4CE6-A338-3AA63D924CB2} - System32\Tasks\{17586952-B820-4B18-ADEB-7051A8B16110} => C:\Users\KENT500GB\Desktop\downloaded Programs on HOLD\spybot-2.4.exe [2015-02-14] ()
Task: {D4578186-8D8A-409A-B0D7-8D44E4EF3898} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-13] (Adobe Systems Incorporated)
Task: {F3B65156-9E25-4E17-AA45-58B04854FB9E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F8B8D633-C165-4F76-82BE-E70C362C0F56} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NeroLiveEpgUpdate-KENT500GB-PC_KENT500GB.job => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe
Task: C:\Windows\Tasks\{263F678B-416F-4143-B486-28A098F93A23}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-07-30 12:41 - 2007-03-15 22:11 - 00138240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdidrpp.dll
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-07 21:27 - 2014-10-07 21:27 - 00139264 _____ () C:\Users\KENT500GB\AppData\Roaming\moters\supna.dll
2014-04-16 19:19 - 2011-10-26 16:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-04-16 19:19 - 2011-10-26 16:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-15 12:25 - 2015-02-15 12:25 - 00043008 _____ () c:\Users\KENT500GB\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpls1mfl.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\KENT500GB\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-05-01 20:07 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
2015-02-14 17:27 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-14 17:27 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-27 13:28 - 2015-01-27 13:28 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-07 21:27 - 2014-10-07 21:27 - 00117760 _____ () C:\Users\KENT500GB\AppData\Roaming\moters\mentste.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-381782413-416685821-1044739591-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^KENT500GB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Cisco VUSB.lnk => C:\Windows\pss\Cisco VUSB.lnk.Startup
MSCONFIG\startupfolder: C:^Users^KENT500GB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^KENT500GB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^KENT500GB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDMI cord for monitor.lnk => C:\Windows\pss\HDMI cord for monitor.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AML Registry Cleaner => C:\Program Files (x86)\AML Products\Registry Cleaner\regclean.exe /min
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
MSCONFIG\startupreg: Easy ShutDown => C:\Program Files (x86)\Easy ShutDown\EasyShutDown.exe :silent
MSCONFIG\startupreg: LockStatusTray => C:\Windows\LockStatusTray.exe
MSCONFIG\startupreg: lxdiamon => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
MSCONFIG\startupreg: lxdimon.exe => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-381782413-416685821-1044739591-500 - Administrator - Disabled)
Guest (S-1-5-21-381782413-416685821-1044739591-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-381782413-416685821-1044739591-1003 - Limited - Enabled)
KENT500GB (S-1-5-21-381782413-416685821-1044739591-1000 - Administrator - Enabled) => C:\Users\KENT500GB
UpdatusUser (S-1-5-21-381782413-416685821-1044739591-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/15/2015 00:24:50 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (02/15/2015 11:43:00 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "file:///E:\\">.
 
Error: (02/15/2015 11:42:56 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "file:///E:\\">.
 
Error: (02/15/2015 11:42:08 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "file:///E:\\">.
 
Error: (02/15/2015 11:42:05 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "file:///E:\\">.
 
Error: (02/15/2015 11:38:45 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "file:///E:\\">.
 
Error: (02/15/2015 11:38:41 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "file:///E:\\">.
 
Error: (02/15/2015 11:38:25 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "file:///E:\\">.
 
Error: (02/15/2015 11:38:21 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "file:///E:\\">.
 
Error: (02/15/2015 11:37:11 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "file:///E:\\">.
 
 
System errors:
=============
Error: (02/15/2015 00:29:40 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 3NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}
 
Error: (02/15/2015 00:26:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%3
 
Error: (02/15/2015 00:26:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5
 
Error: (02/15/2015 00:25:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%3
 
Error: (02/15/2015 00:25:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%3
 
Error: (02/15/2015 00:25:18 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (02/15/2015 00:24:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdiCATSCustConnectService service failed to start due to the following error:
%%1053
 
Error: (02/15/2015 00:24:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdiCATSCustConnectService service to connect.
 
Error: (02/15/2015 00:23:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068
 
Error: (02/15/2015 00:22:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (02/15/2015 00:24:50 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (02/15/2015 11:43:00 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07file:///E:\\
 
Error: (02/15/2015 11:42:56 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07file:///E:\\
 
Error: (02/15/2015 11:42:08 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07file:///E:\\
 
Error: (02/15/2015 11:42:05 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07file:///E:\\
 
Error: (02/15/2015 11:38:45 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07file:///E:\\
 
Error: (02/15/2015 11:38:41 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07file:///E:\\
 
Error: (02/15/2015 11:38:25 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07file:///E:\\
 
Error: (02/15/2015 11:38:21 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07file:///E:\\
 
Error: (02/15/2015 11:37:11 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07file:///E:\\
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-25 21:47:50.336
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-25 21:47:50.304
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-31 20:06:35.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-31 20:06:35.730
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-31 20:06:35.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-31 20:06:35.355
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-31 20:06:31.721
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-31 20:06:31.533
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-31 20:06:31.362
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-31 20:06:31.175
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info ===========================
 
Processor: Intel® Core™2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 4094.06 MB
Available physical RAM: 2055.92 MB
Total Pagefile: 8186.31 MB
Available Pagefile: 5963.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:338.71 GB) (Free:11.45 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:126.95 GB) (Free:16.91 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B0000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=338.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=127 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by hamluis, 16 February 2015 - 01:33 PM.
Moved from AII to Malware Removal Logs - Hamluis.


#3 Kenterbent

Posted 16 February 2015 - 01:45 PM

Sorry I didn't understand at first, the instructions on posting my scans...... re posted all of them at

Virus ...Tro... spy... etc.... Removal Logs Forum - Thanks - Learning how to work the blog among other things  .....

                      Kent



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,254 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:01 AM

Posted 20 February 2015 - 09:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-381782413-416685821-1044739591-1000\...\Policies\Explorer: [RestrictRun] 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-381782413-416685821-1044739591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-381782413-416685821-1044739591-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\4p1vc3rt.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\KENT500GB\AppData\Roaming\Mozilla\Firefox\Profiles\10amo68p.Default User\searchplugins\bing-zugo.xml
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2015-01-27]
S2 nvsvc; No ImagePath
S2 SDScannerService; No ImagePath
S2 SDUpdateService; No ImagePath
S3 catchme; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-381782413-416685821-1044739591-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\KENT500GB\AppData\Roaming\moters\supna.dll () <==== ATTENTION
C:\Users\KENT500GB\AppData\Roaming\moters\supna.dll

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#5 Kenterbent

Posted 20 February 2015 - 08:26 PM

Nasdaq, thank YOU!

Computer 2 is happy too ....

Logs below

KENT

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by KENT B at 2015-02-20 18:55:35 Run:1
Running from C:\Users\KENT B\Desktop\Remv iexplore virus tools
Loaded Profiles: KENT B & UpdatusUser (Available profiles: KENT B & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2430595356-1321743807-1201194000-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2430595356-1321743807-1201194000-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2430595356-1321743807-1201194000-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\4p1vc3rt.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\ed9j7ves.Recovery Profile\searchplugins\duckduckgo-1.xml
FF SearchPlugin: C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\ed9j7ves.Recovery Profile\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\ed9j7ves.Recovery Profile\searchplugins\startpage-http.xml
FF SearchPlugin: C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\ed9j7ves.Recovery Profile\searchplugins\startpage-https.xml
FF Extension: Snap.Do  - C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\d775scrs.default-1400719364206\Extensions\{9c5632c7-8bf4-8a82-6981-35e319f512b4} [2014-08-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - No Path
S2 nvsvc; No ImagePath
S2 SDScannerService; No ImagePath
S2 SDUpdateService; No ImagePath
S3 catchme; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-2430595356-1321743807-1201194000-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\KENT B\AppData\Roaming\moters\supna.dll ()
Task: {60BADF9C-95CB-41F5-AACC-7179956BB911} - \AutoKMS No Task File
C:\Users\KENT B\AppData\Roaming\moters\supna.dll

End

*****************

Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2430595356-1321743807-1201194000-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2430595356-1321743807-1201194000-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2430595356-1321743807-1201194000-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\4p1vc3rt.default\searchplugins\bing-zugo.xml => Moved successfully.
C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\ed9j7ves.Recovery Profile\searchplugins\duckduckgo-1.xml => Moved successfully.
C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\ed9j7ves.Recovery Profile\searchplugins\duckduckgo.xml => Moved successfully.
C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\ed9j7ves.Recovery Profile\searchplugins\startpage-http.xml => Moved successfully.
C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\ed9j7ves.Recovery Profile\searchplugins\startpage-https.xml => Moved successfully.
C:\Users\KENT B\AppData\Roaming\Mozilla\Firefox\Profiles\d775scrs.default-1400719364206\Extensions\{9c5632c7-8bf4-8a82-6981-35e319f512b4} => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji" => Key deleted successfully.
nvsvc => Service deleted successfully.
SDScannerService => Service deleted successfully.
SDUpdateService => Service deleted successfully.
catchme => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
"HKU\S-1-5-21-2430595356-1321743807-1201194000-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{60BADF9C-95CB-41F5-AACC-7179956BB911}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60BADF9C-95CB-41F5-AACC-7179956BB911}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\Users\KENT B\AppData\Roaming\moters\supna.dll => Moved successfully.


The system needed a reboot.

==== End of Fixlog 18:55:36 ====


#6 nasdaq

Posted 21 February 2015 - 09:00 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#7 Kenterbent

Posted 21 February 2015 - 12:54 PM

Seems to Run Okay - first few times I downloaded I would get an error box and the download would vanish (?) - once I ran it the results don't mean much to me...... but thanks- Kent

 

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Panda Antivirus Pro 2015   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 AML Free Registry Cleaner 4.25
 Java 8 Update 31  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 KENT B Desktop downloaded Virus Hunters SecurityCheck.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
 



#8 nasdaq

Posted 22 February 2015 - 08:26 AM

Looking good.

You have the latest Java version for both the 32 and 64 bit programs.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



