Ad popups from Jabuticaba in web browsers, and link redirects


  • This topic is locked
6 replies to this topic

#1 stvnbvn


Posted 18 August 2015 - 06:57 PM

Okay, a detailed description? I clicked on a link a couple of days ago that I shouldn't have, and a gazillion apps installed themselves onto my computer. The computer seems fine, until you go out to the internet. There, it redirects constantly. Pop-up ads are relentless. The name "Jabuticaba" is on the bottom of the ad boxes. The responsiveness of navigating the web is nearly impossible. My machine acts as if all the memory and CPU are being used.

Hopefully this is enough description for you guys/gals.

Thanks.

Stvnbvn

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Administrator (administrator) on CWA-8540W (18-08-2015 16:04:19)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\MDM.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe [9549808 2015-06-24] ()
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1540896 2015-07-15] (Seagate Technology LLC)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-07-28] (Panda Security, S.L.)
HKU\S-1-5-21-2478894960-646659143-2650976217-500\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2015-07-15] (Seagate Technology LLC)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-08-16]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2478894960-646659143-2650976217-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2478894960-646659143-2650976217-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2478894960-646659143-2650976217-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?PC=AV01
HKU\S-1-5-21-2478894960-646659143-2650976217-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?PC=AV01
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2478894960-646659143-2650976217-500 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2478894960-646659143-2650976217-500 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2011-05-02] (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2011-05-02] (DigitalPersona, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} hxxps://notes.allegiantair.com/dwa85W.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39B4E267-4C8B-4C51-A739-46E76E95D93B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F803DC31-E8F0-42B6-8115-E358AF7C096A}: [DhcpNameServer] 10.10.1.71 10.12.132.71 10.10.1.72

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\stn79ein.default-1439911961089
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-23] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2014-02-28] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-04] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-20]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-08-17]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-08-16] (Adobe Systems) [File not signed]
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-08-17] (Kaspersky Lab ZAO)
S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe [716664 2015-06-24] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-07-29] (Panda Security, S.L.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-07-23] (Panda Security, S.L.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-07-28] (Panda Security, S.L.)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2014-02-28] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-07-15] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2015-07-15] (Seagate Technology LLC)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-03] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-03] (Validity Sensors, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1196432 2015-08-16] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S3 DSI_SiUSBXp_3_1; C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys [16384 2007-09-06] (Silicon Laboratories)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [171192 2015-06-30] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-07-04] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [931000 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [30392 2015-06-08] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11523584 2014-12-19] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72952 2015-07-09] ()
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [79488 2006-10-03] (RICOH Company, Ltd.)
S3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2010-06-17] (Saitek)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2011-11-04] (Oracle Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 16:02 - 2015-08-18 16:04 - 00024303 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-08-18 16:02 - 2015-08-18 16:04 - 00000000 ____D C:\FRST
2015-08-18 14:10 - 2015-08-18 14:10 - 00003264 _____ C:\Windows\System32\Tasks\Trojan Killer
2015-08-18 14:10 - 2015-08-18 14:10 - 00000000 ____D C:\ProgramData\GridinSoft
2015-08-18 14:06 - 2015-08-18 14:09 - 73147432 _____ (GridinSoft LLC) C:\Users\Administrator\Downloads\gtk-2.2.8.0-setup.exe
2015-08-18 10:55 - 2015-05-22 01:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-08-18 08:42 - 2015-08-18 12:39 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-18 08:42 - 2015-08-18 08:42 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-18 08:42 - 2015-08-18 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-18 08:42 - 2015-08-18 08:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-18 08:42 - 2015-08-18 08:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-18 08:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-18 08:42 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-18 08:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-18 08:41 - 2015-08-18 08:42 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-18 08:24 - 2015-08-18 08:25 - 02953520 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast-browser-cleanup.exe
2015-08-17 20:20 - 2015-08-17 20:20 - 00000000 ____D C:\Users\Administrator\Documents\Updater
2015-08-17 17:03 - 2015-08-17 17:03 - 00002083 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-08-17 17:03 - 2015-08-17 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-08-17 17:02 - 2015-08-18 15:49 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-17 17:02 - 2015-08-17 17:02 - 00000000 ____D C:\Windows\ELAMBKUP
2015-08-17 17:02 - 2015-08-17 17:02 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-08-17 17:02 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-08-17 17:01 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-08-17 17:01 - 2015-06-30 01:05 - 00931000 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-08-17 17:01 - 2015-06-30 01:05 - 00171192 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-08-17 16:43 - 2015-08-17 16:43 - 01897072 _____ (Kaspersky Lab) C:\Users\Administrator\Downloads\kav16.0.0.614en_8368.exe
2015-08-17 11:08 - 2015-08-17 11:08 - 00931408 _____ (Google Inc.) C:\Users\Administrator\Downloads\ChromeSetup.exe
2015-08-17 11:00 - 2015-08-18 08:32 - 00000000 ____D C:\Users\Administrator\Desktop\Old Firefox Data
2015-08-17 10:54 - 2015-08-17 10:55 - 02173440 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-08-17 10:23 - 2015-08-17 10:28 - 00015608 _____ C:\AdwCleaner[C1].txt
2015-08-17 10:20 - 2015-08-17 10:23 - 00000000 ____D C:\AdwCleaner
2015-08-17 10:20 - 2015-08-17 10:22 - 00014265 _____ C:\AdwCleaner[S1].txt
2015-08-17 10:16 - 2015-08-17 10:16 - 00057362 _____ C:\ComboFix.txt
2015-08-17 09:48 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-17 09:48 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-17 09:48 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-17 09:48 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-17 09:48 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-17 09:48 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-17 09:48 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-17 09:48 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-17 09:44 - 2015-08-17 10:16 - 00000000 ____D C:\Qoobox
2015-08-17 09:43 - 2015-08-17 10:14 - 00000000 ____D C:\Windows\erdnt
2015-08-17 09:42 - 2015-08-17 09:42 - 05635195 ____R (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2015-08-17 09:37 - 2015-08-17 09:38 - 01563648 _____ C:\Users\Administrator\Downloads\AdwCleaner.exe
2015-08-17 08:37 - 2015-08-17 08:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Panda Security
2015-08-17 08:37 - 2015-08-17 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-08-17 08:37 - 2015-08-17 08:37 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-08-17 08:33 - 2015-08-17 08:34 - 64326088 _____ C:\Users\Administrator\Downloads\FREEAV.exe
2015-08-17 08:21 - 2015-08-17 08:37 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-17 08:20 - 2015-08-17 08:21 - 02113152 _____ C:\Users\Administrator\Downloads\PANDAFREEAV.exe
2015-08-17 08:13 - 2015-08-17 08:13 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-17 08:13 - 2015-08-17 08:13 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-17 08:10 - 2015-08-17 08:10 - 00242768 _____ C:\Users\Administrator\Downloads\Firefox Setup Stub 40.0.2.exe
2015-08-17 07:56 - 2015-08-17 07:56 - 00000000 _____ C:\Windows\setuperr.log
2015-08-16 23:10 - 2015-08-16 23:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2015-08-16 23:10 - 2015-08-16 23:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg
2015-08-16 23:09 - 2015-08-16 23:31 - 00000000 ____D C:\ProgramData\AVG
2015-08-16 20:03 - 2015-08-17 10:23 - 00029127 _____ C:\Windows\SysWOW64\debug.log
2015-08-16 20:03 - 2015-08-16 20:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\AVG Web TuneUp
2015-08-16 20:03 - 2015-08-16 20:03 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-08-16 20:03 - 2015-08-16 20:03 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-08-16 19:53 - 2015-08-18 10:51 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-16 19:52 - 2015-08-18 10:52 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-16 19:48 - 2015-08-16 19:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2014
2015-08-16 18:47 - 2015-08-16 18:47 - 00301376 _____ C:\Users\Administrator\Downloads\setup (1).zip.crdownload
2015-08-16 18:39 - 2015-08-16 18:39 - 00555288 _____ C:\Users\Administrator\Downloads\Unconfirmed 363686.crdownload
2015-08-16 18:38 - 2015-08-16 18:38 - 00555288 _____ C:\Users\Administrator\Downloads\Unconfirmed 265237.crdownload
2015-08-16 18:17 - 2015-08-16 18:17 - 00555288 _____ C:\Users\Administrator\Downloads\Unconfirmed 759262.crdownload
2015-08-16 18:16 - 2015-08-16 18:16 - 00555288 _____ C:\Users\Administrator\Downloads\Unconfirmed 643112.crdownload
2015-08-16 17:00 - 2015-08-16 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-08-16 17:00 - 2015-08-16 17:02 - 00000000 ____D C:\ProgramData\Oracle
2015-08-16 16:59 - 2015-08-16 16:59 - 29727656 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\setup [1].exe
2015-08-16 16:35 - 2015-08-16 16:35 - 00555288 _____ C:\Users\Administrator\Downloads\Unconfirmed 954926.crdownload
2015-08-16 16:35 - 2015-08-16 16:35 - 00555288 _____ C:\Users\Administrator\Downloads\Unconfirmed 564763.crdownload
2015-08-16 16:04 - 2015-08-16 16:04 - 00002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2015-08-16 16:02 - 2015-08-16 16:02 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2015-08-16 16:01 - 2015-08-16 16:01 - 00002610 _____ C:\Users\Administrator\Desktop\Adobe Illustrator CS2.lnk
2015-08-16 16:01 - 2015-08-16 16:01 - 00002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2015-08-16 16:00 - 2004-08-16 17:40 - 00016384 _____ C:\Windows\SysWOW64\FileOps.exe
2015-08-16 15:59 - 2015-08-16 15:59 - 00798514 _____ C:\Users\Administrator\Downloads\setup.zip
2015-08-16 15:54 - 2015-08-16 15:56 - 00000000 ____D C:\AI_CS2_IE_NonRet
2015-08-16 15:09 - 2015-08-16 15:36 - 655724886 _____ (Adobe Systems Inc. ) C:\Users\Administrator\Downloads\AI_CS2_IE_NonRet.exe
2015-08-16 14:19 - 2015-08-16 14:19 - 00000217 _____ C:\task.vbs
2015-08-16 13:34 - 2015-08-16 13:34 - 00000000 ____D C:\Program Files\New folder (2)
2015-08-16 13:34 - 2015-08-16 13:34 - 00000000 ____D C:\Program Files\New folder
2015-08-16 13:16 - 2015-08-16 13:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\19682
2015-08-16 13:10 - 2015-08-16 13:10 - 00000000 ____D C:\Windows\system32\inu
2015-08-16 13:04 - 2015-08-16 13:05 - 00000890 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-08-16 13:01 - 2015-08-16 13:02 - 00001655 _____ C:\ProgramData\tempimage.bmp
2015-08-16 13:01 - 2015-08-16 13:01 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-08-16 12:59 - 2015-08-16 14:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2015-08-16 12:59 - 2015-08-16 14:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\Opera Software
2015-08-16 12:58 - 2015-08-16 14:22 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-16 12:57 - 2014-09-27 18:37 - 00001424 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-16 12:56 - 2015-08-18 00:56 - 00000000 ____D C:\Program Files (x86)\9CC834AD-1439755009-11E0-B300-3211B9070017
2015-08-16 12:50 - 2015-08-18 00:56 - 00000238 _____ C:\Users\Administrator\Downloads\3DLogoDesignbyAurora3DText.zip
2015-08-15 22:23 - 2015-08-15 22:22 - 00000053 _____ C:\Users\Administrator\Desktop\googledc6ef5c544a1a570.html
2015-08-15 22:22 - 2015-08-15 22:22 - 00000053 _____ C:\Users\Administrator\Downloads\googledc6ef5c544a1a570.html
2015-08-14 22:24 - 2015-08-15 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-08-14 01:15 - 2015-08-17 08:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-12 09:24 - 2015-08-14 09:25 - 00000000 ____D C:\Users\Administrator\Desktop\Action Shots
2015-08-12 07:32 - 2015-08-12 07:32 - 00002098 _____ C:\Users\Administrator\Desktop\Mozilla Thunderbird.lnk
2015-08-12 07:28 - 2015-08-12 07:28 - 00000359 _____ C:\Users\Administrator\Desktop\Recycle Bin - Shortcut.lnk
2015-08-11 22:03 - 2015-08-11 22:15 - 00000132 _____ C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-08-11 09:20 - 2015-08-15 17:31 - 00000000 ____D C:\Users\Administrator\Desktop\2015-05-03
2015-08-09 17:40 - 2014-07-27 21:39 - 00001236 _____ C:\Users\Administrator\Desktop\Adobe Photoshop CS6 (64 Bit) - Copy.lnk
2015-08-09 17:39 - 2014-04-19 09:26 - 00002073 _____ C:\Users\Administrator\Desktop\Lightroom 5.4 64-bit.lnk
2015-08-09 14:20 - 2015-08-17 08:51 - 00144760 _____ C:\Users\cwa\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-07 10:47 - 2015-08-07 10:47 - 00050727 _____ C:\Users\Administrator\Downloads\exclude-pages.1.92.zip
2015-08-06 09:26 - 2015-08-12 09:47 - 00000000 ____D C:\Users\Administrator\Desktop\SwellPixAdditions
2015-08-05 08:53 - 2015-08-05 08:57 - 00002200 _____ C:\Users\Administrator\Downloads\photocrati-theme-v4.9.zip
2015-08-04 22:13 - 2015-08-04 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-04 22:13 - 2015-08-04 22:13 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-08-04 22:03 - 2015-08-04 22:04 - 41908568 _____ (Apple Inc.) C:\Users\Administrator\Downloads\QuickTimeInstaller(1).exe
2015-08-04 21:10 - 2015-08-04 21:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-08-03 22:49 - 2015-08-03 22:49 - 00002115 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-08-03 22:49 - 2015-08-03 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-08-03 22:48 - 2015-08-03 22:48 - 00000000 ____D C:\ProgramData\Nero
2015-08-03 22:48 - 2015-08-03 22:48 - 00000000 ____D C:\Program Files (x86)\Seagate
2015-07-26 17:15 - 2015-08-16 15:09 - 00000029 _____ C:\Users\Administrator\Desktop\New Text Document.txt
2015-07-24 23:02 - 2015-08-18 15:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2015-07-23 21:24 - 2015-07-23 21:24 - 04591242 _____ C:\Users\Administrator\Downloads\virtue.2.4.9.zip
2015-07-23 14:47 - 2015-07-23 14:48 - 06864537 _____ C:\Users\Administrator\Downloads\wordpress-4.2.3.zip
2015-07-23 14:44 - 2015-07-23 14:45 - 00010730 _____ C:\Users\Administrator\Downloads\admin.php
2015-07-23 14:43 - 2015-07-23 14:43 - 00000043 _____ C:\Users\Administrator\AppData\Roaming\WB.CFG
2015-07-23 14:35 - 2015-07-23 14:36 - 00000000 ____D C:\wordpress
2015-07-23 13:54 - 2015-08-15 22:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FileZilla
2015-07-23 13:54 - 2015-07-23 13:54 - 00001805 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2015-07-23 13:53 - 2015-07-23 13:54 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2015-07-23 13:53 - 2015-07-23 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-07-23 13:43 - 2015-07-23 13:43 - 06483456 _____ (Tim Kosse) C:\Users\Administrator\Downloads\FileZilla_3.12.0.2_win64-setup.exe
2015-07-23 13:41 - 2015-07-23 13:57 - 00000980 _____ C:\Users\Administrator\Downloads\pinboard.1.1.12.zip
2015-07-23 10:50 - 2015-08-05 09:01 - 00000000 ____D C:\Users\Administrator\Documents\Swellpix.com
2015-07-21 08:02 - 2015-07-21 08:02 - 00001786 _____ C:\Users\Administrator\Desktop\SmugMug - Shortcut.lnk
2015-07-20 21:43 - 2015-07-20 21:43 - 00001374 _____ C:\Users\Administrator\Desktop\SmugMug.lrplugin - Shortcut.lnk
2015-07-20 19:58 - 2015-07-24 22:12 - 00216382 _____ C:\Users\Administrator\Documents\SmugMug LrPublish.log
2015-07-20 19:13 - 2015-07-20 19:13 - 00460548 _____ C:\Users\Administrator\Downloads\SmugMug-2.3.1.0.zip
2015-07-20 19:13 - 2015-07-20 19:13 - 00000000 ____D C:\Users\Administrator\Downloads\SmugMug-2.3.1.0
2015-07-20 18:56 - 2015-07-20 18:56 - 00673968 _____ (Adobe Systems Incorporated) C:\Users\Administrator\Downloads\CreativeCloudSet-Up(1).exe
2015-07-19 09:45 - 2015-07-19 09:45 - 00197880 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
2015-07-19 09:45 - 2015-07-19 09:45 - 00164088 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
2015-07-19 09:45 - 2015-07-19 09:45 - 00134392 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
2015-07-19 09:45 - 2015-07-19 09:45 - 00124152 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys
2015-07-19 09:45 - 2015-07-19 09:45 - 00121592 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys
2015-07-19 09:45 - 2015-07-19 09:45 - 00107768 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 15:49 - 2011-08-27 15:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 15:12 - 2012-08-28 13:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-18 13:49 - 2011-08-26 19:06 - 01099574 _____ C:\Windows\WindowsUpdate.log
2015-08-18 12:16 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 12:16 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 12:13 - 2014-02-21 00:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-08-18 12:13 - 2011-08-27 15:15 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-18 12:10 - 2011-08-27 15:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 10:57 - 2015-07-17 00:31 - 00002347 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-08-18 10:57 - 2015-01-04 20:13 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2015-08-18 10:57 - 2012-12-12 10:31 - 00000000 ____D C:\ProgramData\HPQLOG
2015-08-18 10:53 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 10:53 - 2009-07-13 21:51 - 00029488 _____ C:\Windows\setupact.log
2015-08-18 10:52 - 2014-02-26 22:47 - 00000000 ____D C:\ProgramData\MFAData
2015-08-18 10:52 - 2011-08-26 23:37 - 00962306 _____ C:\Windows\PFRO.log
2015-08-18 10:34 - 2014-02-27 18:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-08-18 10:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\schemas
2015-08-18 00:56 - 2014-09-29 21:15 - 00000233 _____ C:\Users\Administrator\Downloads\Panolapse_1_171_keygen.zip
2015-08-17 16:46 - 2011-08-26 20:20 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-17 10:16 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2015-08-17 10:13 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2015-08-17 10:09 - 2014-02-20 19:24 - 00000000 ____D C:\Users\Administrator
2015-08-17 08:51 - 2009-07-13 21:45 - 05128464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-17 08:48 - 2012-05-03 16:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-17 08:37 - 2014-02-20 19:25 - 00144760 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-17 07:03 - 2011-08-29 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Development
2015-08-17 00:03 - 2015-01-05 21:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\hpqLog
2015-08-17 00:03 - 2014-02-27 17:19 - 00000000 ____D C:\Program Files\Vuze
2015-08-17 00:03 - 2014-02-26 18:23 - 00000000 ____D C:\ProgramData\TEMP
2015-08-17 00:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-08-16 23:55 - 2015-05-13 22:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-16 23:55 - 2013-09-16 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-08-16 21:35 - 2014-09-29 21:16 - 00000000 ____D C:\Users\Administrator\Downloads\Panolapse_1_171_keygen
2015-08-16 21:35 - 2014-09-29 20:51 - 00000000 ____D C:\Users\Administrator\Downloads\Panolapse.1.105.cracked-SND
2015-08-16 17:00 - 2012-06-28 09:45 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-08-16 17:00 - 2012-06-28 09:45 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-08-16 17:00 - 2012-06-28 09:45 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-08-16 16:06 - 2014-02-20 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-08-16 16:04 - 2012-10-23 11:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-16 16:01 - 2014-09-27 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-08-16 16:00 - 2011-08-26 20:40 - 00000000 ____D C:\ProgramData\Adobe
2015-08-16 14:34 - 2014-02-20 19:25 - 00001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-16 14:34 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-16 14:11 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-16 13:15 - 2011-08-26 19:28 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-16 13:14 - 2011-08-26 19:28 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-12 12:09 - 2014-04-21 17:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 12:09 - 2014-04-21 17:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 11:44 - 2009-07-13 22:13 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-11 23:48 - 2014-04-21 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-10 12:56 - 2015-01-31 22:40 - 00001456 _____ C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-08-09 15:16 - 2014-03-09 10:19 - 00000000 ____D C:\Users\Administrator\Documents\PDFs
2015-08-04 23:13 - 2014-10-18 21:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HandBrake
2015-08-04 21:10 - 2014-10-18 21:11 - 00000824 _____ C:\Users\Administrator\Desktop\Handbrake.lnk
2015-08-04 21:10 - 2014-10-18 21:11 - 00000000 ____D C:\Program Files\Handbrake
2015-08-03 23:06 - 2015-07-13 11:19 - 00003772 _____ C:\Windows\System32\Tasks\Administrator
2015-08-03 11:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-23 08:05 - 2012-08-28 13:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-23 08:05 - 2012-03-28 14:50 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-23 08:05 - 2011-08-26 19:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-21 11:42 - 2014-08-03 04:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Windows Live
2015-07-21 08:34 - 2012-05-16 18:57 - 00000000 ____D C:\Users\Administrator\Desktop\MargsNotes

==================== Files in the root of some directories =======

2014-05-25 03:28 - 2014-05-25 03:28 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2014-10-12 19:28 - 2014-10-13 14:30 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-11-24 22:10 - 2015-02-15 11:59 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-10-17 18:48 - 2014-10-17 18:48 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2015-08-11 22:03 - 2015-08-11 22:15 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-07-23 14:43 - 2015-07-23 14:43 - 0000043 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG
2014-04-20 08:48 - 2014-04-20 08:48 - 0000037 ___SH () C:\Users\Administrator\AppData\Local\134e6589520e51682091c0.32666518
2015-01-31 22:40 - 2015-08-10 12:56 - 0001456 _____ () C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-24 22:17 - 2014-03-24 22:17 - 0003298 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2014-02-28 22:05 - 2015-06-18 17:45 - 0007600 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-08-16 13:01 - 2015-08-16 13:02 - 0001655 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Administrator\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Administrator\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Administrator\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-08-26 19:28] - [2015-08-16 13:14] - 0357888 ____A (Microsoft Corporation) C09D88A71058BC18A417ED07F1BC0949

C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 08:14

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Administrator (2015-08-18 16:05:12)
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2478894960-646659143-2650976217-500 - Administrator - Enabled) => C:\Users\Administrator
Family (S-1-5-21-2478894960-646659143-2650976217-1016 - Administrator - Enabled)
Guest (S-1-5-21-2478894960-646659143-2650976217-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2478894960-646659143-2650976217-1018 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

_123DMerge (Version: 1.0.0.0 - _123DMerge) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccessPORT Driver 1.3.1 (HKLM-x32\...\AccessPORT Driver) (Version:  - Cobb Tuning Products, LLC.)
Accessport Manager 2.1.1.8 (HKLM-x32\...\Accessport Manager) (Version: 2.1.1.8 - Cobb Tuning Products, LLC)
Accesstuner Race - Subaru USDM 2004 Forester XT (MT) 1.9.1.0-10475 (HKLM-x32\...\TunerRace_US_FXTM_04) (Version: 1.9.1.0-10475 - Cobb Tuning Products, LLC.)
Ad-Aware Antivirus (HKLM\...\{A041066D-37EF-46FC-9DF7-465A07F1C5CF}_AdAwareUpdater) (Version: 11.7.485.8398 - Lavasoft)
AdAwareInstaller (Version: 11.7.485.8398 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.7.485.8398 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS4 (HKLM-x32\...\Adobe_26b63376f4efc354dae41af6b5e3343) (Version: 4 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Angry Birds Star Wars (HKLM-x32\...\{84389C53-9D0B-4417-AA5A-211BEE64BEC7}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier (x64) (HKLM\...\{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}) (Version: 4.0.917 - Microsoft Corporation)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2000305390.48.56.4068594 - Audible, Inc.)
Autodesk 123D Catch (HKLM-x32\...\{62939D22-F2E8-44BD-A655-0D1F41D5EBA2}) (Version: 1.0.23.0 - Autodesk)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.6.0.153 - AVG Technologies)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C410 (x32 Version: 140.0.273.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{E1CAE438-DEF7-44C2-A3A9-6915ABF2A732}) (Version: 0.8.16 - Kovid Goyal)
Chanalyzer (HKLM-x32\...\{494D63D1-6CD6-4664-A327-96D3A8CACB50}) (Version: 5.1.0.36 - MetaGeek, LLC)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x64) (HKLM\...\{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}) (Version: 6.11.1.404 - Microsoft Corporation)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.99.000 - Hewlett-Packard) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Fax (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
FileZilla Client 3.12.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Earth (HKLM-x32\...\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{87131DB9-73D1-3FD7-9B25-0F12491F02A9}) (Version: 4.6.3.15268 - Google)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Gtk# for .Net 2.12.10 (HKLM-x32\...\{04AE3BBC-ABFF-42CC-9F90-5B35D229328A}) (Version: 2.12.10 - Xamarin, Inc.)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HDFView2.8 (HKLM\...\HDFView2.8) (Version: 2.8.0.0 - TheHDFGroup)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}) (Version: 14.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.12.754 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java™ SE Development Kit 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
K-Lite Codec Pack 7.9.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.9.0 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)
MinGW-Get version 0.5-beta-20120426-1 (HKLM-x32\...\{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1) (Version: 0.5-beta-20120426-1 - MinGW)
MonoDevelop 3.0.4.6 (HKLM-x32\...\{056C4D3C-E7AD-4AD7-92DC-D0B14F64ADF9}) (Version: 3.0.4.6 - Xamarin)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 en-US)) (Version: 38.2.0 - Mozilla)
MySQL Installer (HKLM-x32\...\{13B27F83-C633-4967-9E13-4B8C982E87CB}) (Version: 1.0.18.0 - Oracle Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
OpenSSL 1.0.1c (32-bit) (HKLM-x32\...\OpenSSL (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
OpenVPN 2.2.2 (HKLM-x32\...\OpenVPN) (Version: 2.2.2 - )
Oracle VM VirtualBox 4.2.6 (HKLM\...\{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}) (Version: 4.2.6 - Oracle Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Panda Devices Agent (x32 Version: 1.03.05 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.03.00.0000 - Panda Security) Hidden
Panda3D 1.8.0 (HKLM-x32\...\Panda3D 1.8.0) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
Photomatix Pro version 5.0.2 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.2 - HDRsoft Ltd)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Preview Handler Pack (HKLM-x32\...\{56C899E7-F067-4AE3-9CBE-788840205808}) (Version: 1.0.0 - Fuel Advance)
ProLabPrints ROES (HKLM-x32\...\{F6096D7C-9F2C-479A-AE89-DFABEDAAA8C7}) (Version: 2.1.0 - SoftWorks Systems, Inc.)
ProShow Plugins for Lightroom (HKLM-x32\...\ProShow Plugins for Lightroom) (Version:  - )
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version:  - Photodex Corporation)
PS_AIO_07_C410_SW_Min (x32 Version: 140.0.273.000 - Hewlett-Packard) Hidden
PTGui Pro 8.3.3 (HKLM-x32\...\PTGui) (Version:  - New House Internet Services B.V.)
Python 2.7 pycrypto-2.3 (HKLM-x32\...\{422EB670-90F6-4332-AEAE-5128AFF84FDD}) (Version: 2.3.0 - Dwayne C. Litzenberger)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.6.25 - Intuit)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:24 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.2.002.0 - Seagate)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TypeScript for Microsoft® Visual Studio® 2012 (HKLM-x32\...\{AD98AD79-BC30-412B-AB26-862CE4CAE62E}) (Version: 0.8.1.1 - Microsoft Corporation)
uGet (HKLM-x32\...\uGet) (Version:  - )
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
Validity Sensors software (HKLM\...\{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}) (Version: 2.8.120 - Validity Sensors, Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.89 - NCH Software)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VSDC Free Video Editor version 2.3.0.337 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.3.0.337 - Flash-Integro LLC)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 CHS Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 CHT Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 DEU Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 ESN Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 FRA Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 ITA Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 JPN Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 KOR Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Visual Studio 2010 RUS Language Pack (x32 Version: 5.0.50403.0 - Microsoft Corporation) Hidden
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F6FE3205-7737-4772-9017-C7ACD8A5561C}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-08-17 10:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C067B4E-4938-45EF-8829-7CFE88B9AF82} - \{16E63D0B-A1B8-4B72-A0CC-7F5E7F2A1934} -> No File <==== ATTENTION
Task: {2ABEE167-7887-4E7D-92D8-B5DC23B85C91} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {4564A676-6FE1-4070-87B2-23C967FCDF54} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {4E80FE19-4A47-4814-A8FF-0EA454B378E0} - \SidebarExecute -> No File <==== ATTENTION
Task: {55F83EE3-7D04-42B5-9592-972F6469805D} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {580AB9D3-D07A-4780-8A34-83B43D61948A} - \{F50012C7-D52B-4757-BEC3-B7B2A7BAB4A6} -> No File <==== ATTENTION
Task: {600F1B2D-D06E-451D-AB04-DA57F72D95AD} - System32\Tasks\AdobeAAMUpdater-1.0-cwa-8540w-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {62E74093-C929-45C5-ABC7-327EFCBF06F1} - \TuneUpUtilities_Task_BkGndMaintenance2013 -> No File <==== ATTENTION
Task: {ACA4393C-6BE9-42AE-B8E7-54B3DB34E8C3} - \{43EF5251-944C-4158-AFFB-26026707A89E} -> No File <==== ATTENTION
Task: {AF049AC2-4D9D-4F87-A6EA-764CB7F6AB8D} - \{08C99124-D590-4276-A972-F60DB17E4821} -> No File <==== ATTENTION
Task: {B0CB18E3-3B4C-4E9D-87C2-A5599D49175A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {B3BB5F92-8919-43DC-8C3E-E1200738030B} - \{7AFFBCB5-459C-4D71-8361-23EB0F6B1BA0} -> No File <==== ATTENTION
Task: {B7C9304E-3153-474C-A34E-E385F1E45925} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {CB267CB8-1EAF-43A7-89B2-94773AF6BA8B} - \{1F5D61F9-3569-4024-921C-E8E3CB60E63B} -> No File <==== ATTENTION
Task: {CF2FD173-CFC7-4669-AD00-48CEBA991C19} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {D04EB168-D070-4AFA-A284-5DFB709FD5B9} - \{55BB2106-872C-42DC-8550-96826DF6D933} -> No File <==== ATTENTION
Task: {D6DC4072-5A94-453F-BEE4-042CC8B25411} - System32\Tasks\Administrator => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-07-15] (Seagate Technology LLC)
Task: {D7C67FD0-2A0A-4FDC-B921-B6B051CA9F90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {DE57F546-C443-4C29-8B2F-13EADF63DB0E} - \Seagate_Install_Launch -> No File <==== ATTENTION
Task: {E18B681E-7B78-469D-888F-CC4F8A4AAE93} - \{E58991E0-F152-4D2A-9393-5B3CC7339FE2} -> No File <==== ATTENTION
Task: {F11D3347-2226-45EA-B236-2A5688849A06} - \runTask -> No File <==== ATTENTION
Task: {F860994D-039A-4A80-AC4F-E950172E7C7E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-23] (Adobe Systems Incorporated)
Task: {FEAAB433-9A3C-4F57-B680-A1708F0D72D1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {FFAD9BF6-71D3-4F4C-AB33-08EBD5F2C91D} - \{59F8480F-9826-4FB5-A984-79A29FF8E35C} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-16 20:03 - 2015-08-16 20:02 - 01196432 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2011-12-11 22:32 - 2008-06-03 23:53 - 00027648 _____ () C:\Windows\System32\spd__l.dll
2011-04-01 03:30 - 2011-04-01 03:30 - 00034304 _____ () C:\Windows\System32\ssk3mlm.dll
2015-06-24 19:14 - 2015-06-24 19:14 - 00716664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe
2015-06-24 19:18 - 2015-06-24 19:18 - 00107536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_thread-vc120-mt-1_58.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00025616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_system-vc120-mt-1_58.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_chrono-vc120-mt-1_58.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00056856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_date_time-vc120-mt-1_58.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00122904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_filesystem-vc120-mt-1_58.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 12893184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareServiceKernel.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 03480032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\RCF.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00911376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_regex-vc120-mt-1_58.dll
2015-06-24 19:17 - 2015-06-24 19:17 - 00709120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareActivation.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00474128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareApplicationUpdater.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00847360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareGamingMode.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00100848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareReset.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00122864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTime.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01010704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareDefinitionsUpdater.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00905248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareDefinitionsUpdaterScheduler.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01146368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareIgnoreList.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00243200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareQuarantine.dll
2015-06-24 19:17 - 2015-06-24 19:17 - 01050120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareAntiMalwareEngine.dll
2015-06-24 19:17 - 2015-06-24 19:17 - 00205832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareAntiRootkitEngine.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01210376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareScannerHistory.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01337336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareScanner.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00035856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_timer-vc120-mt-1_58.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01018888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareScannerScheduler.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01174544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareRealTimeProtection.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00244224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareIncompatibles.dll
2015-06-24 19:17 - 2015-06-24 19:17 - 00933368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareAntiSpam.dll
2015-06-24 19:17 - 2015-06-24 19:17 - 00883200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareAntiPhishing.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 03263496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareParentalControl.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 02984960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareWebProtection.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01324040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareEmailProtection.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00059416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_iostreams-vc120-mt-1_58.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01312264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareNetworkProtection.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01013744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwarePromo.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00365560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareFeedback.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 02958352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareThreatWorkAlliance.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01261560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwarePinCode.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01014264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareNotice.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01002488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareAvcEngine.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 01222168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareRealTimeProtectionHistory.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00468992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareStatistics.dll
2014-02-28 17:23 - 2014-02-28 17:24 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
2010-07-21 15:33 - 2010-07-21 15:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2015-07-09 10:32 - 2015-07-09 10:32 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 02790408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareShellExtension.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 09549808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe
2015-06-24 19:18 - 2015-06-24 19:18 - 00492048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\boost_locale-vc120-mt-1_58.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 02266104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\HtmlFramework.dll
2015-06-24 19:18 - 2015-06-24 19:18 - 00868360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTrayDefaultSkin.dll
2010-07-21 15:33 - 2010-07-21 15:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 15:33 - 2010-07-21 15:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll
2013-04-12 10:23 - 2013-04-12 10:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2478894960-646659143-2650976217-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: WDDMService => 2
MSCONFIG\Services: WDFME => 2
MSCONFIG\Services: WDSC => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG-Secure-Search-Update_0214c => C:\Users\Administrator\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=c2cb9f30917147d2aa28a1bad334c7cd-2699fbf99827ebdfd57be445032e83cb99f52d89 /CMPID=0214c
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TortoiseHgOverlayIconServer => C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{F2A2F07B-D14C-4F4C-BBD0-6FC6041B2D8E}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{1F0FE8C6-6DE1-4484-9105-8905A2A31073}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{558140D5-43F6-4690-805D-998F9AD8EADC}C:\program files (x86)\flashget\flashget.exe] => (Allow) C:\program files (x86)\flashget\flashget.exe
FirewallRules: [UDP Query User{A622D6FD-61C8-47B7-8E1F-89D8CDC11485}C:\program files (x86)\flashget\flashget.exe] => (Allow) C:\program files (x86)\flashget\flashget.exe
FirewallRules: [TCP Query User{A669CEA0-2914-422B-9FA6-4C2B6D912238}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B3D7879F-201B-4E67-8E67-78B1BA15A4B6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{36BEDDF3-3F41-457D-8CA1-6B6F321C8D5B}C:\program files (x86)\putty\putty.exe] => (Allow) C:\program files (x86)\putty\putty.exe
FirewallRules: [UDP Query User{4B3A8AB2-9F6E-4144-B900-0E21E90B35A0}C:\program files (x86)\putty\putty.exe] => (Allow) C:\program files (x86)\putty\putty.exe
FirewallRules: [{E1C29BE3-5855-41CB-87FF-8737DB253FF0}] => (Allow) LPort=3306
FirewallRules: [{225D5E21-5EE3-4147-BAA2-B16DC365CA9A}] => (Allow) LPort=3306
FirewallRules: [{EB5776A9-5A04-4EAF-B7F3-4192168235A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{91BB668B-B160-4660-9630-A0A5BB271361}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{F9058D50-F0C2-4F8E-9EBB-72913265111E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{16FFDF31-08AC-4FED-86B0-043D29E6199A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{5A6B185B-979C-4952-92F6-47E9BD72E0BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{44AE7D85-48BB-4CEE-90B1-04830AED5A59}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A0449643-B483-4AB8-8279-CC8AD50A574D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3A2B4D07-D9F1-4668-9847-CB757F835C83}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{E1EEF824-1EC9-4366-97F9-792D9EF37EB0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9A363181-3385-4E89-8A3A-4875D9E75A3C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{7EC60CF2-3CD5-4086-98F7-DA6F6D6002BE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{09822B42-C95E-43E3-A7DF-958B5260B120}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{AA569592-238A-413C-8D09-FB59E82C89DB}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{ECDCC26D-E698-49D8-9F44-1B2C000A899B}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{C49BCB0B-A2F6-4AA4-833E-A39B34BB8AD2}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [TCP Query User{01DCB7DD-D4AC-4EE4-A8D5-D866BE30655D}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{BB6247C6-A30D-4B45-834F-6695951F6D81}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{9D46F668-74C0-454C-9DD2-5F61B61FC33F}] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{E1CCAC1F-D529-443F-9B39-EE698B514C36}] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{A5C7DA65-57D3-44CE-BFF6-1C7777831BB8}C:\program files\java\jdk1.7.0\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0\bin\java.exe
FirewallRules: [UDP Query User{7EEC061F-478E-4518-A4A0-3BDCECF18650}C:\program files\java\jdk1.7.0\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0\bin\java.exe
FirewallRules: [{E58221E2-06EE-4118-B0B7-6C8FC9BFEBCA}] => (Block) C:\program files\java\jdk1.7.0\bin\java.exe
FirewallRules: [{06768DF6-D696-4E16-9245-D5F6F2AF9F72}] => (Block) C:\program files\java\jdk1.7.0\bin\java.exe
FirewallRules: [TCP Query User{E1A2A405-FD09-410C-9F20-8A8DA1F72FF8}C:\program files\java\jdk1.7.0\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0\bin\javaw.exe
FirewallRules: [UDP Query User{2C51CBFD-3A9D-4D21-BFEC-1CE725F252BA}C:\program files\java\jdk1.7.0\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0\bin\javaw.exe
FirewallRules: [{CC207037-97BC-4FF2-8C2F-61D67140DB79}] => (Block) C:\program files\java\jdk1.7.0\bin\javaw.exe
FirewallRules: [{D0ABB6CC-71AE-4FCC-B7DC-E82084C99728}] => (Block) C:\program files\java\jdk1.7.0\bin\javaw.exe
FirewallRules: [TCP Query User{5F3473CA-4643-492E-B00A-B668EE44C338}C:\program files\springsource\liferaytomcat\liferay-portal-6.1.0-ce-ga1\tomcat-7.0.23\jre1.6.0_20\win\bin\java.exe] => (Allow) C:\program files\springsource\liferaytomcat\liferay-portal-6.1.0-ce-ga1\tomcat-7.0.23\jre1.6.0_20\win\bin\java.exe
FirewallRules: [UDP Query User{F821D875-980F-45B0-A583-0942ECF51926}C:\program files\springsource\liferaytomcat\liferay-portal-6.1.0-ce-ga1\tomcat-7.0.23\jre1.6.0_20\win\bin\java.exe] => (Allow) C:\program files\springsource\liferaytomcat\liferay-portal-6.1.0-ce-ga1\tomcat-7.0.23\jre1.6.0_20\win\bin\java.exe
FirewallRules: [{E9BD847B-CD36-464C-BCA9-06EDDB3E04D5}] => (Block) C:\program files\springsource\liferaytomcat\liferay-portal-6.1.0-ce-ga1\tomcat-7.0.23\jre1.6.0_20\win\bin\java.exe
FirewallRules: [{00C834E4-E9EC-432D-A0B3-A9184DC36D31}] => (Block) C:\program files\springsource\liferaytomcat\liferay-portal-6.1.0-ce-ga1\tomcat-7.0.23\jre1.6.0_20\win\bin\java.exe
FirewallRules: [TCP Query User{D4B8BCA2-1CCF-47EC-983E-65DC544E4171}C:\program files\springsource\liferaytomcat\liferay-portal-6.1.0-ce-ga1\tomcat-7.0.23\jre1.6.0_20\win\bin\javaw.exe] => (Allow) C:\program files\springsource\liferaytomcat\liferay-portal-6.1.0-ce-ga1\tomcat-7.0.23\jre1.6.0_20\win\bin\javaw.exe
FirewallRules: [UDP Query User{8420DBA7-DE8F-498F-B133-1A4344AFC67A}C:\program files\springsource\liferaytomcat\liferay-portal-6.1.0-ce-ga1\tomcat-7.0.23\jre1.6.0_20\win\bin\javaw.exe] => (Allow) C:\program files\springsource\liferaytomcat\liferay-portal-6.1.0-ce-ga1\tomcat-7.0.23\jre1.6.0_20\win\bin\javaw.exe
FirewallRules: [TCP Query User{BB572373-88EB-4FAA-8FFB-1EEA0298AEDA}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{1243D551-A32D-4C7B-A8D0-103F39988287}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{9B32D83D-E321-4A08-9038-519B6868F1E3}C:\program files\java\jdk1.7.0\jre\bin\java.exe] => (Block) C:\program files\java\jdk1.7.0\jre\bin\java.exe
FirewallRules: [UDP Query User{76AA4770-97A0-413A-8CDE-7A14F0627F53}C:\program files\java\jdk1.7.0\jre\bin\java.exe] => (Block) C:\program files\java\jdk1.7.0\jre\bin\java.exe
FirewallRules: [TCP Query User{C43D2C74-9C81-444B-B7D9-E1AE69A49121}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{05FD9BA5-1901-42C8-BFDE-D1C53AE86CD6}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [{D3B89A64-AA62-4DEC-8B43-4E600F9BE742}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B1FBA047-88B8-4B89-BE5E-A90CB3E16207}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8EA17423-5957-4598-B2B5-90DCE8A5FD3E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{46A5DC31-3EE5-48A3-BCF4-BD8CA2BC6EBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D16E49A5-34E1-46B7-922F-857931609841}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{D330550E-87D1-410F-AC77-50F246F36DAC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{F47BD690-5678-41CB-9908-B30A1D50BEDC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{9223CE46-8DE3-4609-A732-FBB101B02FA5}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{3E4D3ADF-A4B9-40C3-817D-841CBFE4B964}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{BDDE4706-F5CA-4F65-90D4-8A564CC99E4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{8CEA988D-6F60-4AEA-8BA5-353201C5DCB5}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{9AEEE728-BAE7-4842-A0DC-03C1FC888FDB}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{A03812E3-C8B0-4BD7-BA23-A5ED16608A5D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{39E80A46-21F7-4F8F-80D5-371222FC5530}] => (Allow) LPort=2869
FirewallRules: [{B5D9E471-5780-4A3F-BB16-8DE2BE587559}] => (Allow) LPort=1900
FirewallRules: [{4570AADC-3D60-4B2F-81E9-C64A05044A74}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{CF1D3E5B-61BC-40B7-8C04-71021BC5E35F}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{CD63657C-45EC-4C44-A404-AA2A6769F19C}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{C914A2D1-93AC-4E97-AB10-65A0D5E6175B}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{05D3D94A-FB6D-4699-B661-0169595F0222}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{04164028-683D-4F03-AE21-18E0F2C74567}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{8398ECE9-178B-455C-A3DA-1D284B5A855C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{85BFFEB5-6F68-40EE-AC1A-C0A4BDFE9029}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{B463EF6A-9107-43BD-899B-92B46B38624C}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{0F751624-4B7E-4DD5-9009-EB76F98658F5}] => (Allow) LPort=8888
FirewallRules: [{556F2327-3880-4DEA-AC6D-7E2A9E20B157}] => (Allow) LPort=8888
FirewallRules: [{5CBCA9C4-EF2F-4D61-B045-7AFB0F461661}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{23890339-EF8B-44F0-9324-99B143490B47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE786D84-7A84-4D3E-BE60-1E48C4B791B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2015 04:03:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 16.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2618

Start Time: 01d0da09edebc0d7

Termination Time: 16

Application Path: C:\Users\Administrator\Desktop\FRST64.exe

Report Id: 5dce9102-45fd-11e5-87fa-70f395d02e3e

Error: (08/18/2015 03:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.2.5702, time stamp: 0x55cc03bd
Faulting module name: mozglue.dll, version: 40.0.2.5702, time stamp: 0x55cbf190
Exception code: 0x80000003
Fault offset: 0x0000e631
Faulting process id: 0x2308
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/18/2015 03:52:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 40.0.2.5702 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19c0

Start Time: 01d0da03dc682de6

Termination Time: 86

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:

Error: (08/18/2015 01:49:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059

Error: (08/18/2015 01:49:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2059

Error: (08/18/2015 01:49:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/18/2015 01:49:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (08/18/2015 01:49:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999

Error: (08/18/2015 01:49:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/17/2015 04:37:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.2.5702, time stamp: 0x55cc03bd
Faulting module name: mozglue.dll, version: 40.0.2.5702, time stamp: 0x55cbf190
Exception code: 0x80000003
Fault offset: 0x0000e631
Faulting process id: 0x1f84
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (08/18/2015 03:58:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Biometric Authentication Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/18/2015 10:26:07 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/18/2015 10:25:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/18/2015 07:28:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NanoServiceMain service.

Error: (08/17/2015 11:34:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/17/2015 04:49:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.

Error: (08/17/2015 10:32:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.

Error: (08/17/2015 10:29:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/17/2015 10:29:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/17/2015 10:29:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll


Microsoft Office:
=========================
Error: (08/18/2015 04:03:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe16.8.2015.0261801d0da09edebc0d716C:\Users\Administrator\Desktop\FRST64.exe5dce9102-45fd-11e5-87fa-70f395d02e3e

Error: (08/18/2015 03:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe40.0.2.570255cc03bdmozglue.dll40.0.2.570255cbf190800000030000e631230801d0da04f1d04e42C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dlld5475e5d-45fb-11e5-87fa-70f395d02e3e

Error: (08/18/2015 03:52:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe40.0.2.570219c001d0da03dc682de686C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (08/18/2015 01:49:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059

Error: (08/18/2015 01:49:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2059

Error: (08/18/2015 01:49:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/18/2015 01:49:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (08/18/2015 01:49:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999

Error: (08/18/2015 01:49:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/17/2015 04:37:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe40.0.2.570255cc03bdmozglue.dll40.0.2.570255cbf190800000030000e6311f8401d0d944f80dd03dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dlle5ad65b9-4538-11e5-900e-70f395d02e3e


CodeIntegrity:
===================================
  Date: 2015-08-18 10:02:34.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 10:02:34.843
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 09:54:32.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 09:54:32.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 09:54:32.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 09:54:32.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 09:54:32.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 09:54:32.079
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 09:54:32.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 09:54:31.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 49%
Total physical RAM: 8047.38 MB
Available physical RAM: 4049.81 MB
Total Virtual: 16092.96 MB
Available Virtual: 12614.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:70.77 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:74.53 GB) (Free:63.97 GB) NTFS
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1673.17 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:33.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 34243177)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 0DB1A94D)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: A53C2E79)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================



#2 stvnbvn


Posted 19 August 2015 - 04:34 PM

Here are a couple of screen shots of the problem.


#3 TheShooter93


Posted 20 August 2015 - 03:18 PM

Hello stvnbvn,

Welcome to Bleeping Computer!

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. I do ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Copy and paste scan results unless asked to attach to a reply.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.

With that in mind, please do the following in order. :)

 

==========================================================================

Step 1: Multiple Antivirus Programs
 
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

In general terms, the two programs may conflict and cause:

  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • System Performance Issues: Antivirus programs can be resource-intensive. Having multiple installed and running is very taxing to a computer.

You currently have the following antivirus programs installed and running:

  • Panda Free Antivirus
  • Ad-Aware Antivirus
  • Kaspersky Anti-Virus

Go to Control Panel > Programs and Features and uninstall all but one and restart your system.

 

I suggest keeping either Panda Free Antivirus or Kaspersky Anti-Virus.

==========================================================================

Step 2: Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
GroupPolicyScripts: Group Policy detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2478894960-646659143-2650976217-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
2015-08-16 13:01 - 2015-08-16 13:01 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-08-16 12:56 - 2015-08-18 00:56 - 00000000 ____D C:\Program Files (x86)\9CC834AD-1439755009-11E0-B300-3211B9070017
2015-08-15 22:23 - 2015-08-15 22:22 - 00000053 _____ C:\Users\Administrator\Desktop\googledc6ef5c544a1a570.html
2015-08-15 22:22 - 2015-08-15 22:22 - 00000053 _____ C:\Users\Administrator\Downloads\googledc6ef5c544a1a570.html
Task: {1C067B4E-4938-45EF-8829-7CFE88B9AF82} - \{16E63D0B-A1B8-4B72-A0CC-7F5E7F2A1934} -> No File <==== ATTENTION
Task: {4E80FE19-4A47-4814-A8FF-0EA454B378E0} - \SidebarExecute -> No File <==== ATTENTION
Task: {580AB9D3-D07A-4780-8A34-83B43D61948A} - \{F50012C7-D52B-4757-BEC3-B7B2A7BAB4A6} -> No File <==== ATTENTION
Task: {62E74093-C929-45C5-ABC7-327EFCBF06F1} - \TuneUpUtilities_Task_BkGndMaintenance2013 -> No File <==== ATTENTION
Task: {ACA4393C-6BE9-42AE-B8E7-54B3DB34E8C3} - \{43EF5251-944C-4158-AFFB-26026707A89E} -> No File <==== ATTENTION
Task: {AF049AC2-4D9D-4F87-A6EA-764CB7F6AB8D} - \{08C99124-D590-4276-A972-F60DB17E4821} -> No File <==== ATTENTION
Task: {B3BB5F92-8919-43DC-8C3E-E1200738030B} - \{7AFFBCB5-459C-4D71-8361-23EB0F6B1BA0} -> No File <==== ATTENTION
Task: {CB267CB8-1EAF-43A7-89B2-94773AF6BA8B} - \{1F5D61F9-3569-4024-921C-E8E3CB60E63B} -> No File <==== ATTENTION
Task: {D04EB168-D070-4AFA-A284-5DFB709FD5B9} - \{55BB2106-872C-42DC-8550-96826DF6D933} -> No File <==== ATTENTION
Task: {DE57F546-C443-4C29-8B2F-13EADF63DB0E} - \Seagate_Install_Launch -> No File <==== ATTENTION
Task: {E18B681E-7B78-469D-888F-CC4F8A4AAE93} - \{E58991E0-F152-4D2A-9393-5B3CC7339FE2} -> No File <==== ATTENTION
Task: {F11D3347-2226-45EA-B236-2A5688849A06} - \runTask -> No File <==== ATTENTION
Task: {FFAD9BF6-71D3-4F4C-AB33-08EBD5F2C91D} - \{59F8480F-9826-4FB5-A984-79A29FF8E35C} -> No File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

==========================================================================

Step 3: AdwCleaner Scan & Clean

  • Download AdwCleaner (by Xplode) and save it to your Desktop.
  • Run AdwCleaner.exe.
  • Click Scan.
  • After the scan has finished, click Clean.
  • When the scan is complete, your computer will need to reboot. After rebooting, a log file will open automatically.
  • Copy and paste the contents of that log in your next reply.

==========================================================================

 

Step 4: Lastly, what browsers are you experiencing the redirects/pop-ups in?

 

Please test all installed web browsers.

 

==========================================================================

 

What I'd like to see in your next post:

  • Confirmation you have uninstalled all but one antivirus program.
  • Fixlog.txt.
  • AdwCleaner log.
  • What web browsers do the redirects happen in?

Edited by TheShooter93, 20 August 2015 - 03:25 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#4 TheShooter93


Posted 23 August 2015 - 07:20 AM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.



#5 stvnbvn


Posted 24 August 2015 - 03:44 PM

 Sorry. Shooter I should have put this here, instead.

 

http://www.bleepingcomputer.com/forums/t/586964/a-quick-hello/



#6 TheShooter93


Posted 25 August 2015 - 11:23 AM

Thank you for letting me know.




#7 TheShooter93


Posted 25 August 2015 - 11:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





