
Virus surprise - earlier fix does not work


  • This topic is locked
49 replies to this topic

#1 haterms

haterms

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 01 October 2015 - 04:49 AM

Hi support,

On my Toshiba Satellite laptop, which has two HDD bays, I run Vista Home Basic. I keep programs, and their data on the one drive C, and all other things on my other drives F, and G (partitions). Mostly I do mail, google searches (scientific, geopolitical news). Sometimes I got virus/malware, which my usual tools could not remove. Therefore, I kept a mirror image on my C drive on an extra HDD. In not recoverable infection case, I simply cleaned my C drive, formatted, and mirrored the "good image" from the external "safe" drive. This used to work. Recently, I noticed, when I finally wanted to update Windows (download updates) that the download seemingly started, time elapsed, but 0 bytes were downloaded. I run scans, etc, tried all these in "safe mode", no help. I tried to restore, - report: "you have no restore point". I restarted the computer, and checked: I could not see "waudt.exe" in the process list. Windows update does not react in menu. I swapped the HDDs, thinking that the "safe HDD" should work. My PC tried to download once updates, showed the list of actual updates, but I could not download them. It's trying, and hanging. When I check update history, it says, I never had update, and it does not show previously downloaded updates, but they are there, I can find them. My computer scanned clean with AVG. I run Malwarebytes, which report 260 threats, but can only quarantine 139, and hanging. I see its process running in Taskmanager. The tool does not allow the regular "finish", I could only kill it. So far, I left it on the screen, did not touch anything. Therefore, I cannot send you a report of the Malwarebytes scan. But, after the scan I see "New updates are available" on the tool bar. I do not trust to try to download updates. In summary, both HDD show the same behavior now. I logged in to your WEB site from a different computer to save my laptop. Since I got Vista preinstalled from Toshiba, I do not have a DVD of Vista, cannot repair.
Earlier, I made "recovery disc" with Macrium. This time, I have not tried to recover from there. On earlier infection, it did not help either. I would greatly appreciate if you could help me to recover this laptop without a total rebuild. I do not want to lose all the installed programs, etc, if possible. Thanks in advance.





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:52 AM

Posted 05 October 2015 - 03:23 PM

Greetings haterms and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 haterms

haterms
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 06 October 2015 - 01:14 PM

Hello Oh My,

I welcome you on my issue. I greatly appreciate your willingness to help. My laptop is kind of working: “safe mode with networking” is quite stable. “Normal” mode works too, for a while fine, later it gets sick, sometimes ending with a blue screen crash.

I will describe everything in the row.

I couldn’t wait, so I tried many things:

I scanned, and repaired with AVG, Malwarebytes, Emsisoft. The result is mixed. At least, I got the system running. It did not run for a while: I took the HDs, and did check/fix on them (no problems found), then I scanned them with AVG. I did this on another computer through USB. The laptop did not even want to boot before, started to run thereafter. First, I could not update windows, seemingly all former updates disappeared, and I could not download anything from MS, or antivirus sites. Now, I can. I did also lots of scanning/fixing in safe mode. I also used MS FixIt, latest version.

“sfc /scannow” found two corrupt files: “autochk.exe”, which I replaced, and worked, and “gmreadme.txt”, which I do not have in my system, and couldn’t find a fix.

I guess, my system is very screwed up. I’d like to keep my installed applications, and data. I do not have a VISTA DVD, in particular not one with Service Pack 2. I have only an old Toshiba Recovery DVD, from 2008. If I used that for repair, it would destroy data, programs, updates. I am not sure whether I got also a BIOS damage?

I get in “normal mode” sometimes, not seldom, blue screen:

Product: Windows
Problem: Shut down unexpectedly
Date: 06.10.2015 07:44
Status: Not Reported

Problem signature
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.2
Locale ID: 1031

Files that help describe the problem (some files may no longer be available)
Mini100615-01.dmp
sysdata.xml
Version.txt

Extra information about the problem
BCCode: 7a
BCP1: C0604000
BCP2: C0000185
BCP3: 6BE4D880
BCP4: C0800000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

One of recent errors reported by “eventvwr”:

Log Name:      Application
Source:        SideBySide
Date:          06.10.2015 07:43:52
Event ID:      33
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      olkoevi-PC
Description:
Activation context generation failed for "C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SideBySide" />
    <EventID Qualifiers="49409">33</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-10-06T14:43:52.000Z" />
    <EventRecordID>190602</EventRecordID>
    <Channel>Application</Channel>
    <Computer>olkoevi-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>rpshellextension.1.0,language="&amp;#x2a;",type="win32",version="1.0.0.0"</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>

Malwarebytes caused conflicts with AVG, and Emsisoft, therefore I removed it, but I give you some scan results below. Malware reported too many bugs, like 615, repaired 500, “it said so”, and stopped. But, the scan log showed no bugs!!

Sporadically, I get diverse errors, and system freeze: “Host process for Windows Services stopped”, or “AVG detection not responding Unspecified Error avgwdsvc,exe avgrsc.exe”, and crash; cannot shutdown: “Logon Process Failed to create security option dialog”, “Windows search Index stopped”, “Toshibacustom application plug-in stopped”, etc. AVG reports in “normal mode” after start:

“Adware Generic.CIBV medium severe Object location: C:\Program Files\Emisoft Anti-Malware\a2service.exe”. I cannot win, if I allow, or fix, system becomes very slow, sometimes crashes. I see only ca. 10 visible processes, ca. 10% CPU use, 50% memory, but the system is very slow, and at the left corner I see 62 invisible processes. From crash, I can escape, if I cancel AVG.

However, in this process seemingly I got two OS, as you can see.

The second works. This is the report of “bcdedit”. “bcdedit /set” does not work, so I cannot delete the fake OS entry.

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation.  All rights reserved.

C:\Users\olkoevi>bcdedit /set
The set command specified is not valid.
Run "bcdedit /?" for command line assistance.

C:\Users\olkoevi>

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation.  All rights reserved.

C:\Users\olkoevi>bcdedit

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  unknown
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {8ca738da-1635-11dc-b056-0016d498088e}
displayorder            {ebffed5d-6b3b-11e5-8252-e5079a574609}
                        {current}
toolsdisplayorder       {572bcd56-ffa7-11d9-aae0-0007e994107d}
                        {memdiag}
timeout                 30
resume                  No
customactions           0x1000000720001
                        0x54000001
custom:54000001         {572bcd56-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier              {ebffed5d-6b3b-11e5-8252-e5079a574609}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows Vista ™ Home Basic (recovered)
osdevice                unknown
systemroot              \Windows

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Vista ™ Home Basic (recovered)
osdevice                partition=C:
systemroot              \Windows
resumeobject            {46334889-6b3b-11e5-8e43-806e6f6e6963}

C:\Users\olkoevi>

Here is the system summary:

OS Name        Microsoft® Windows Vista™ Home Basic
Version            6.0.6002 Service Pack 2 Build 6002
Other OS Description             Not Available
OS Manufacturer        Microsoft Corporation
System Name  OLKOEVI-PC
System Manufacturer  TOSHIBA
System Model Satellite P200
System Type   X86-based PC
Processor         Intel® Core™2 Duo CPU     T5450  @ 1.66GHz, 1662 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date    TOSHIBA V2.20, 09.01.2008
SMBIOS Version       2.4
Windows Directory    C:\Windows
System Directory        C:\Windows\system32
Boot Device    \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer  Version = "6.0.6002.18005"
User Name      olkoevi-PC\olkoevi
Time Zone       Pacific Daylight Time
Installed Physical Memory (RAM)     2,00 GB
Total Physical Memory           2,00 GB
Available Physical Memory    1,33 GB
Total Virtual Memory 4,23 GB
Available Virtual Memory      3,71 GB
Page File Space           2,29 GB
Page File         C:\pagefile.sys

By the way, if I try to “export” the information from “msinfo32”, it starts refreshing first, gets hanging at “windows error reporting”, which finishes with a crash after a while, if I do not cancel before.

Otherwise, in the reports I do not see anything wrong, no conflicts, drives are there.

The HW configuration:

Drive   C:
Description      Local Fixed Disk
Compressed    No
File System     NTFS
Size     184,84 GB (198.472.364.032 bytes)
Free Space       116,32 GB (124.899.934.208 bytes)
Volume Name SQ008693V04
Volume Serial Number           20DE3600

Drive   D:
Description      CD-ROM Disc

Drive   E:
Description      CD-ROM Disc

Drive   F:
Description      Local Fixed Disk
Compressed    No
File System     NTFS
Size     232,33 GB (249.465.663.488 bytes)
Free Space       159,43 GB (171.191.652.352 bytes)
Volume Name Data
Volume Serial Number           83FED460

Drive   G:
Description      Local Fixed Disk
Compressed    No
File System     NTFS
Size     233,42 GB (250.636.922.880 bytes)
Free Space       222,58 GB (238.994.903.040 bytes)
Volume Name Utolso
Volume Serial Number           3FD492C0

Partitioning info:

Description      Disk drive
Manufacturer  (Standard disk drives)
Model  HGST HTS725050A7E630 ATA Device
Bytes/Sector    512
Media Loaded            Yes
Media Type     Fixed hard disk
Partitions         2
SCSI Bus        2
SCSI Logical Unit      0
SCSI Port        4
SCSI Target ID           0
Sectors/Track  63
Size     465,76 GB (500.105.249.280 bytes)
Total Cylinders           60.801
Total Sectors   976.768.065
Total Tracks    15.504.255
Tracks/Cylinder           255
Partition          Disk #1, Partition #0
Partition Size   465,76 GB (500.103.675.392 bytes)
Partition Starting Offset         1.016.320 bytes

Description      Disk drive
Manufacturer  (Standard disk drives)
Model  Hitachi HTS722020K9SA00 ATA Device
Bytes/Sector    512
Media Loaded            Yes
Media Type     Fixed hard disk
Partitions         2
SCSI Bus        0
SCSI Logical Unit      0
SCSI Port        2
SCSI Target ID           0
Sectors/Track  63
Size     186,31 GB (200.047.034.880 bytes)
Total Cylinders           24.321
Total Sectors   390.716.865
Total Tracks    6.201.855
Tracks/Cylinder           255
Partition          Disk #0, Partition #0
Partition Size   1,46 GB (1.572.864.000 bytes)
Partition Starting Offset         1.048.576 bytes
Partition          Disk #0, Partition #1
Partition Size   184,84 GB (198.472.368.128 bytes)
Partition Starting Offset         1.573.912.576 bytes

Malware last log file:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01.10.2015
Scan Time: 09:07:25
Logfile: malwarebytes_2015_10_01.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.01.05
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: olkoevi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344511
Time Elapsed: 42 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

And a later one:

2015/10/01 14:29:43 -0700
mbam-log-2015-10-01 (14-29-41).xml
yes

2.1.8.1057
v2015.10.01.07
v2015.09.22.01
free
disabled
disabled
disabled

Windows Vista Service Pack 2
x86
olkoevi
NTFS

threat
completed
342746
1339
0
0
0
0
0
0
0
0

enabled
enabled
enabled
enabled
disabled
disabled
enabled
enabled
enabled

The latest Emsisoft report: (I do not know what you mean with “then OK on the Addition.txt pop up screen”. I did not get another screen.)

Emsisoft Anti-Malware - Version 10.0
Last update: 06.10.2015 06:43:26
User account: olkoevi-PC\olkoevi

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 06.10.2015 08:45:33

Scanned: 73338
Found: 0

Scan end: 06.10.2015 08:54:14
Scan time: 0:08:41



#4 haterms

haterms
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 06 October 2015 - 01:34 PM

Hai Gary,

 

My real first name is Zoltan, from Livermore CA, but currently for longer time in Hungary, my native country. I posted some data for you. However, so far, I was not able to upload the .zip files. I'll give it another try. They will be three. It looks easy. I made a mistake before. Here it is.



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:52 AM

Posted 06 October 2015 - 03:29 PM

Hi Zoltan.

Thank you for the information. No files are attached. Would you be able to copy and paste the contents of FRST.txt and Addition.txt in your reply?
Gary
 

#6 haterms

haterms
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:03:52 AM

Posted 07 October 2015 - 02:15 AM

Hi Gary,
 
At first, I did not attach the files, but after that I sent another reply which contained the files. I run Farbar as you suggested, but only a check, without "fix". I was not sure that this is what you wanted.
 
I sent the files with system summary, an early scan report of Emsisoft, the Farbar reports, and AVG reports.
From the one Emsisoft report, it is obvious that my computer got infected as I searched for a Windows 8 ISO. I did not even want to download anything, just looked. All of a sudden, I was not in control of my computer. I had to shut it down by the power switch. The scan, and clean up was done after that. This was on 2015.09.27, I think.
 
AVG scans I tried in "safe mode", and also "normal". AVG cannot finish in either command line mode, or in normal. It hangs, and eventually the system crashes.
 
I can work on internet, and mail in "safe mode". I attach again the files, I hope you will get them this time.
 
Greetings,
 
Zoltan
 
P.S.: I try to attach the compressed file as .rar. I get the error: Error You aren't permitted to upload this kind of file
Should I just use .zip files ? It looks like this was the problem. Bye now.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by olkoevi (administrator) on OLKOEVI-PC (06-10-2015 09:07:37)
Running from C:\Download
Loaded Profiles: olkoevi (Available Profiles: olkoevi)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\update\realsched.exe [295512 2014-10-12] (RealNetworks, Inc.)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll [2007-11-14] (UPEK Inc.)
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\...\MountPoints2: {a8711f05-5627-11e1-8059-001b38b673e6} - H:\windows\Install\Install.exe
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\...\MountPoints2: {ae85a741-9f79-11e3-9de5-001b38b673e6} - J:\autorun.exe
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2007-10-23] (Google Inc.)
HKU\S-1-5-18\...\Run: [Google Update] => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-06-05] (Google Inc.)
HKU\S-1-5-18\...\Run: [Google+ Auto Backup] => C:\Windows\System32\config\systemprofile\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
AppInit_DLLs: acaptuser32.dll => C:\Windows\system32\acaptuser32.dll [114280 2013-05-08] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli psqlpwd
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite QL\farchns.dll [2007-11-14] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite QL\farchns.dll [2007-11-14] (UPEK Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5E7CD568-9EAF-4C93-A9A2-B6CE02DA090D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6D073A24-945E-442F-8226-08ABD24F0217}: [DhcpNameServer] 84.2.46.1 84.2.44.1
Tcpip\..\Interfaces\{8D11C97E-CC76-43F2-ACF4-D02535517A00}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9424BBF8-6C85-4912-BE85-48A2BD7D922B} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-06-08] (Sun Microsystems, Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-06-08] (Google Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - CA Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-792132873-3858574900-2171385532-1003 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-06-08] (Google Inc.)
Toolbar: HKU\S-1-5-21-792132873-3858574900-2171385532-1003 -> No Name - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
Toolbar: HKU\S-1-5-21-792132873-3858574900-2171385532-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-792132873-3858574900-2171385532-1003 -> CA Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1443543435&z=ea0c234e825ce3d327e32acg7z5zfc9w2zbccobz5g&from=cmi&uid=HitachiXHTS722020K9SA00_080425DP0440DTGH62YPX
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-10-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-10-12] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2014-08-12] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\Extensions\1443543445_xpi [2015-09-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-29]
FF HKLM\...\Firefox\Extensions: [caaphishtoolbar@ca.com] - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-23]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon [2012-02-13]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-12]
FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-02]
CHR Extension: (Google Docs) - C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02]
CHR Extension: (Google Drive) - C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-02]
CHR Extension: (YouTube) - C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-02]
CHR Extension: (Google Sheets) - C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-02]
CHR Extension: (Google Docs Offline) - C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-02]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-10-02]
CHR Extension: (Gmail) - C:\Users\olkoevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\olkoevi\AppData\Local\Temp\ccex.crx <not found>
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [7084784 2015-10-01] (Emsisoft Ltd)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S4 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-03-08] (Macrovision Europe Ltd.) [File not signed]
S4 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-05-06] (Ellora Assets Corp.) [File not signed]
S4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-02-05] (Teruten) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4682552 2015-08-15] (iolo technologies, LLC)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()
S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
S2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-09-30] (Absolute Software Corp.)
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S4 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
S2 T-mobile_Hungary Seagull Device Helper; C:\Program Files\LTE USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S2 TNaviSrv; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [114688 2007-05-17] (TOSHIBA Corporation) [File not signed]
S2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
S2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 AlcatelOTDCWwan; C:\Windows\System32\DRIVERS\AlcatelOTDCWwan.sys [134144 2012-07-03] (TCT International Mobile Ltd.)
S2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2008-08-12] (Adaptec) [File not signed]
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [250800 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [222640 2015-08-19] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [189872 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S1 epp32; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp32.sys [114200 2015-10-01] (Emsisoft GmbH)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [107904 2012-03-31] (TCT International Mobile Ltd.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [51976 2011-09-19] (NetFilterSDK.com)
S2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [458752 2007-11-08] (PixArt Imaging Inc.)
S2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [69016 2015-04-27] (Raxco Software, Inc.)
R1 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2010-06-27] (microOLAP Technologies LTD)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [13528 2014-07-21] ()
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2015-03-05] ()
S1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28088 2015-04-27] (EldoS Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2008-05-30] () [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2009-04-06] () [File not signed]
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [24192 2009-12-14] (Bytemobile, Inc.) [File not signed]
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
S3 WIMMount; C:\Program Files\Macrium\Reflect\wimmount.sys [19024 2015-05-10] (Microsoft Corporation)
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [67968 2011-08-10] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [9984 2011-08-10] (ZTE)
U3 ay78frd9; C:\Windows\system32\Drivers\ay78frd9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 09:05 - 2015-10-06 09:07 - 00000000 ____D C:\FRST
2015-10-06 08:39 - 2015-10-06 08:39 - 00000290 _____ C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-792132873-3858574900-2171385532-1003.job
2015-10-06 08:07 - 2015-10-06 08:07 - 00000000 _____ C:\Users\olkoevi\bcdedit
2015-10-06 07:53 - 2015-10-06 09:02 - 00054272 _____ C:\Users\olkoevi\Documents\Backup of To_Oh-My_1.wbk
2015-10-06 07:41 - 2015-10-06 07:42 - 00150048 _____ C:\Windows\Minidump\Mini100615-01.dmp
2015-10-06 07:32 - 2015-10-06 07:32 - 00006454 _____ C:\Users\olkoevi\Documents\Conflocts_Sharing.txt
2015-10-06 00:41 - 2015-10-06 00:41 - 00000000 _____ C:\Windows\setupact.log
2015-10-05 23:15 - 2015-10-05 23:15 - 02525904 _____ C:\Users\olkoevi\Documents\summary.nfo
2015-10-05 22:40 - 2015-10-06 00:28 - 00010668 _____ C:\Windows\PFRO.log
2015-10-05 10:40 - 2015-10-05 10:40 - 00225958 _____ C:\Windows\msxml4-KB973688-enu.LOG
2015-10-05 10:40 - 2015-10-05 10:40 - 00203630 _____ C:\Windows\msxml4-KB954430-enu.LOG
2015-10-05 09:27 - 2015-10-05 09:27 - 00150080 _____ C:\Windows\Minidump\Mini100515-06.dmp
2015-10-05 09:04 - 2015-10-05 09:04 - 00146032 _____ C:\Windows\Minidump\Mini100515-05.dmp
2015-10-05 07:53 - 2015-10-05 07:53 - 00150224 _____ C:\Windows\Minidump\Mini100515-04.dmp
2015-10-05 07:31 - 2015-10-05 07:32 - 00145832 _____ C:\Windows\Minidump\Mini100515-03.dmp
2015-10-05 05:24 - 2015-10-05 05:24 - 00150048 _____ C:\Windows\Minidump\Mini100515-02.dmp
2015-10-05 04:41 - 2015-10-06 07:41 - 276678293 _____ C:\Windows\MEMORY.DMP
2015-10-05 04:41 - 2015-10-05 04:41 - 00150048 _____ C:\Windows\Minidump\Mini100515-01.dmp
2015-10-05 01:41 - 2015-10-05 01:41 - 00000000 ____D C:\Users\olkoevi\AppData\Roaming\Canon
2015-10-03 11:09 - 2015-10-03 11:08 - 00242992 _____ C:\Users\olkoevi\Desktop\6.0.6002.18005.zip
2015-10-03 08:35 - 2015-10-03 08:34 - 00000538 _____ C:\Users\olkoevi\Desktop\Reset_chkdsk.reg
2015-10-03 07:08 - 2015-10-03 07:10 - 00000000 ____D C:\Users\olkoevi\Documents\Reflect
2015-10-03 05:03 - 2015-10-03 05:03 - 00000947 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2015-10-03 05:03 - 2015-10-03 05:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.1
2015-10-03 05:02 - 2015-10-03 05:08 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1
2015-10-03 03:50 - 2015-10-03 03:53 - 00005684 _____ C:\pw-debug.txt
2015-10-02 01:45 - 2015-10-02 01:45 - 00001942 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-02 01:45 - 2015-10-02 01:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-01 13:34 - 2015-09-02 14:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-01 13:34 - 2015-09-02 14:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-01 13:32 - 2015-07-18 06:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-01 13:31 - 2015-07-18 06:14 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-01 13:31 - 2015-07-18 06:14 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-01 13:31 - 2015-07-18 06:14 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-01 13:31 - 2015-07-18 06:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-01 13:31 - 2015-07-18 06:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-01 11:32 - 2015-10-01 11:33 - 00000000 ____D C:\bd59e71be2ae4bc70bf4ab2cc55e
2015-10-01 11:07 - 2015-10-01 11:07 - 00001080 _____ C:\Users\olkoevi\Documents\malwarebytes_2015_10_01.txt
2015-10-01 07:20 - 2015-08-13 07:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-10-01 07:20 - 2015-08-13 07:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-10-01 07:17 - 2015-07-21 13:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-01 07:17 - 2015-07-21 09:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-01 07:17 - 2015-07-21 09:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-01 07:17 - 2015-07-21 09:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-10-01 07:17 - 2015-07-21 09:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-10-01 07:17 - 2015-07-21 09:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-10-01 07:17 - 2015-07-21 09:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-01 07:17 - 2015-07-21 09:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-10-01 07:13 - 2015-07-31 12:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-01 07:12 - 2015-07-10 12:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-10-01 07:10 - 2015-07-11 08:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-01 07:07 - 2015-07-18 09:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-10-01 06:35 - 2015-10-01 06:36 - 00000000 ____D C:\90695743dc1ec61cf4
2015-10-01 06:29 - 2015-07-10 07:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-10-01 06:26 - 2015-09-02 14:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-10-01 06:26 - 2015-09-02 12:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-10-01 06:26 - 2015-09-02 12:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-10-01 06:23 - 2015-08-05 08:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-10-01 06:02 - 2015-07-31 14:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-10-01 06:02 - 2015-07-31 14:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-10-01 06:02 - 2015-07-31 14:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-10-01 06:02 - 2015-07-31 14:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-10-01 06:02 - 2015-07-31 13:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-10-01 06:02 - 2015-07-31 13:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-10-01 06:02 - 2015-07-31 13:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-01 06:02 - 2015-07-31 13:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-10-01 06:02 - 2015-07-31 13:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-10-01 05:58 - 2015-07-09 07:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-10-01 05:58 - 2015-07-09 07:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-10-01 05:58 - 2015-07-01 08:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-30 17:51 - 2015-08-17 10:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-30 17:51 - 2015-08-17 10:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-30 17:51 - 2015-08-17 10:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-30 17:51 - 2015-08-17 10:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-30 17:51 - 2015-08-17 10:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-30 17:51 - 2015-08-17 10:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-30 17:51 - 2015-08-17 10:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-30 17:51 - 2015-08-17 10:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-30 17:51 - 2015-08-17 10:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-30 17:51 - 2015-08-17 10:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-30 17:51 - 2015-08-17 10:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-30 17:51 - 2015-08-17 10:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-30 17:51 - 2015-08-17 10:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-30 17:51 - 2015-08-17 10:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-30 17:51 - 2015-08-17 10:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-30 17:51 - 2015-08-17 10:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-30 17:51 - 2015-08-17 10:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-30 17:51 - 2015-08-17 10:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-30 17:51 - 2015-08-17 10:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-30 17:51 - 2015-08-17 10:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-09-30 17:51 - 2015-08-17 10:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-30 17:51 - 2015-08-17 10:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-30 13:46 - 2015-09-30 13:46 - 00000920 _____ C:\Users\olkoevi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-29 09:21 - 2015-09-30 15:01 - 00000000 ____D C:\Program Files\GoHD
2015-09-29 09:20 - 2015-09-29 09:20 - 00000000 ____D C:\Users\olkoevi\AppData\Local\MyBrowser
2015-09-29 09:07 - 2015-09-30 15:28 - 00000000 ____D C:\Users\olkoevi\AppData\Local\03E83C81-1443517651-DC11-BC06-001B38B673E6
2015-09-29 09:06 - 2015-09-30 15:01 - 00000000 ____D C:\Program Files\03E83C81-1443542793-DC11-BC06-001B38B673E6
2015-09-27 09:56 - 2015-09-30 13:53 - 00012234 _____ C:\EamClean.log
2015-09-27 09:45 - 2015-09-28 23:22 - 00000000 ____D C:\ProgramData\Emsisoft
2015-09-27 09:10 - 2015-09-27 09:10 - 00000859 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-09-27 09:10 - 2015-09-27 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-09-27 09:09 - 2015-10-06 09:06 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-09-26 04:47 - 2015-09-26 04:47 - 00000000 _____ C:\Windows\system.ini
2015-09-26 03:53 - 2015-09-26 03:53 - 30998084 _____ C:\Users\olkoevi\Documents\Hkey_curr_2015_09_26.reg
2015-09-07 08:51 - 2015-09-07 08:51 - 04208128 _____ C:\Users\olkoevi\Documents\Világörökségi helyszínek - Oroszország ... .pps
2015-09-07 00:41 - 2015-09-07 01:19 - 00027648 _____ C:\Users\olkoevi\Documents\Backup of To Whom It May Concern.wbk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 09:07 - 2014-11-13 10:16 - 00000000 ____D C:\Download
2015-10-06 08:07 - 2008-02-18 16:01 - 00000000 ____D C:\Users\olkoevi
2015-10-06 07:41 - 2008-08-23 16:49 - 00000000 ____D C:\Windows\Minidump
2015-10-06 07:31 - 2015-06-05 00:26 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-10-06 07:21 - 2008-02-13 18:44 - 01055280 _____ C:\Windows\WindowsUpdate.log
2015-10-06 07:13 - 2013-05-22 00:18 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-06 07:07 - 2008-03-16 22:19 - 00002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
2015-10-06 06:55 - 2013-09-11 08:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-06 06:52 - 2013-05-22 00:17 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-06 06:52 - 2006-11-02 05:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-06 06:51 - 2012-02-24 03:18 - 00032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-06 06:40 - 2014-06-07 06:46 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-10-06 06:40 - 2014-06-07 06:41 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-10-06 06:39 - 2006-11-02 05:45 - 00003680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-06 06:39 - 2006-11-02 05:45 - 00003680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-06 02:18 - 2014-09-18 03:12 - 00000000 ____D C:\ProgramData\MFAData
2015-10-06 02:14 - 2014-06-07 06:42 - 00017408 _____ C:\Windows\system32\rpcnetp.dll
2015-10-06 00:43 - 2012-03-12 06:38 - 00000000 ____D C:\Users\olkoevi\AppData\Local\CrashDumps
2015-10-06 00:31 - 2015-06-05 00:26 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-10-05 23:13 - 2008-05-24 09:01 - 00000000 ____D C:\Users\olkoevi\AppData\Roaming\Skype
2015-10-05 22:55 - 2009-01-06 02:29 - 00000000 ____D C:\Windows\pss
2015-10-05 09:40 - 2012-02-20 13:10 - 00000000 ____D C:\ProgramData\TEMP
2015-10-05 09:13 - 2010-01-27 08:06 - 00000000 ____D C:\Users\olkoevi\AppData\Roaming\XadesSigner
2015-10-05 09:13 - 2006-11-02 03:33 - 00867700 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-05 08:00 - 2014-09-20 14:45 - 00004319 _____ C:\Users\olkoevi\Desktop\avgrep.txt
2015-10-05 05:14 - 2013-04-06 07:37 - 00000000 ____D C:\Program Files\CallStation
2015-10-03 23:49 - 2008-06-04 09:56 - 00000000 __RHD C:\VProRecovery
2015-10-03 11:11 - 2013-12-29 03:44 - 00643072 _____ (Microsoft Corporation) C:\Windows\system32\AUTOCHK.EXE
2015-10-03 11:11 - 2009-04-11 08:19 - 00643072 _____ (Microsoft Corporation) C:\Users\olkoevi\Desktop\autochk.exe
2015-10-03 07:02 - 2014-11-13 10:47 - 00002357 _____ C:\Users\Public\Desktop\Reflect.lnk
2015-10-03 04:59 - 2015-05-11 03:57 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.0
2015-10-02 08:33 - 2010-03-08 07:30 - 00001356 _____ C:\Users\olkoevi\AppData\Local\d3d9caps.dat
2015-10-02 08:02 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-02 03:23 - 2010-03-10 07:18 - 00002373 _____ C:\Users\olkoevi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2015-10-02 02:43 - 2015-05-28 01:40 - 00000000 ____D C:\Windows\system32\config\Before Compact
2015-10-02 01:45 - 2008-02-18 16:03 - 00000000 ____D C:\Users\olkoevi\AppData\Local\Google
2015-10-02 01:44 - 2007-06-08 22:21 - 00000000 ____D C:\Program Files\Google
2015-10-02 00:06 - 2007-06-08 21:59 - 00000000 ____D C:\DOCS
2015-10-01 11:34 - 2013-09-08 04:13 - 00000000 ____D C:\Windows\system32\MRT
2015-10-01 07:40 - 2006-11-02 05:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-10-01 07:16 - 2010-06-26 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-01 07:15 - 2008-08-24 09:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-01 07:10 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\rescache
2015-10-01 06:48 - 2006-11-02 05:44 - 00400176 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-30 15:40 - 2014-06-07 06:46 - 00078032 ____N (Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
2015-09-30 13:55 - 2008-02-18 16:02 - 00000915 _____ C:\Users\olkoevi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-30 13:45 - 2009-08-08 04:45 - 00000886 _____ C:\Users\olkoevi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-09-29 09:17 - 2015-06-07 08:39 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-29 09:17 - 2015-06-07 08:39 - 00001129 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-29 09:17 - 2009-04-06 06:28 - 00001085 _____ C:\Users\Public\Desktop\Samsung PC Studio 3.lnk
2015-09-29 06:09 - 2015-05-10 23:03 - 00000000 ____D C:\Users\olkoevi\Download
2015-09-29 05:45 - 2015-05-10 23:02 - 00000000 ____D C:\Users\olkoevi\DOCS
2015-09-27 06:54 - 2015-05-28 01:40 - 00000000 ____D C:\Windows\system32\config\SM Registry Backup
2015-09-26 03:07 - 2013-09-09 01:16 - 00000038 _____ C:\Program Files\GPACgpac_pl.m3u
2015-09-20 08:13 - 2010-03-02 03:56 - 00000000 ____D C:\Users\olkoevi\AppData\Roaming\vlc
2015-09-16 09:35 - 2014-09-18 03:37 - 00000813 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-16 09:35 - 2014-09-18 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-15 01:04 - 2014-10-07 00:49 - 00002337 _____ C:\Users\Public\Desktop\Skype.lnk

==================== Files in the root of some directories =======

2002-08-23 19:10 - 2002-08-23 19:10 - 0266840 _____ () C:\Program Files\Autorun.bmp
2005-01-17 07:42 - 2005-01-17 07:42 - 0270426 ____R () C:\Program Files\AutoWLAN.bmp
2015-06-07 07:43 - 2015-01-25 16:19 - 0002009 ____N () C:\Program Files\Eula.txt
2013-09-09 01:16 - 2015-09-26 03:07 - 0000038 _____ () C:\Program Files\GPACgpac_pl.m3u
2015-06-07 07:43 - 2015-05-10 21:56 - 2508432 ____N (Sysinternals - www.sysinternals.com) C:\Program Files\procexp.exe
2006-08-04 15:55 - 2006-08-04 15:55 - 0000013 _____ () C:\Program Files\verfile.tic
2014-11-10 06:55 - 2014-11-11 12:03 - 0000204 _____ () C:\Users\olkoevi\AppData\Roaming\settings.xml
2008-07-27 13:30 - 2008-07-27 13:30 - 0024064 _____ () C:\Users\olkoevi\AppData\Roaming\UserTile.png
2010-03-08 07:30 - 2015-10-02 08:33 - 0001356 _____ () C:\Users\olkoevi\AppData\Local\d3d9caps.dat
2008-02-22 00:16 - 2015-08-04 07:32 - 0169984 _____ () C:\Users\olkoevi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-01-05 13:53 - 2009-01-05 13:53 - 0000095 _____ () C:\Users\olkoevi\AppData\Local\fusioncache.dat
2009-12-04 04:39 - 2013-10-29 05:58 - 0004096 ____H () C:\Users\olkoevi\AppData\Local\keyfile3.drm
2009-04-06 06:55 - 2014-06-25 12:22 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device unknown
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {8ca738da-1635-11dc-b056-0016d498088e}
displayorder {ebffed5d-6b3b-11e5-8252-e5079a574609}
{current}
toolsdisplayorder {572bcd56-ffa7-11d9-aae0-0007e994107d}
{memdiag}
timeout 30
resume No
customactions 0x1000000720001
0x54000001
custom:54000001 {572bcd56-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier {572bcd56-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier {8ca738d9-1635-11dc-b056-0016d498088e}
device unknown
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice unknown
systemroot \Windows
resumeobject {8ca738da-1635-11dc-b056-0016d498088e}
nx OptIn

Windows Boot Loader
-------------------
identifier {9f0025f0-12d4-11dc-bca1-00037aa6197e}
device unknown
path \Windows\system32\winload.exe
description Windows Vista
locale en-US
inherit {bootloadersettings}
osdevice unknown
systemroot \Windows
resumeobject {8ca738da-1635-11dc-b056-0016d498088e}
nx OptIn

Windows Boot Loader
-------------------
identifier {ebffed5d-6b3b-11e5-8252-e5079a574609}
device unknown
path \Windows\system32\winload.exe
description Windows Vista ™ Home Basic (recovered)
osdevice unknown
systemroot \Windows

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows Vista ™ Home Basic (recovered)
osdevice partition=C:
systemroot \Windows
resumeobject {46334889-6b3b-11e5-8e43-806e6f6e6963}

Resume from Hibernate
---------------------
identifier {46334889-6b3b-11e5-8e43-806e6f6e6963}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Vista ™ Home Basic (recovered)
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {8ca738da-1635-11dc-b056-0016d498088e}
device unknown
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice unknown
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device unknown
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice unknown
ramdisksdipath \boot.sdi



LastRegBack: 2015-10-06 07:57

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by olkoevi (2015-10-06 09:09:01)
Running from C:\Download
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2008-02-14 01:44:44)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-792132873-3858574900-2171385532-500 - Administrator - Disabled)
ASPNET (S-1-5-21-792132873-3858574900-2171385532-1007 - Limited - Enabled)
Guest (S-1-5-21-792132873-3858574900-2171385532-501 - Limited - Enabled)
olkoevi (S-1-5-21-792132873-3858574900-2171385532-1003 - Administrator - Enabled) => C:\Users\olkoevi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.1.0 - )
ABBYY FineReader 5.0 Sprint Plus (HKLM\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.3501 - ABBYY Software House)
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.1.4.20 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Allok Video Joiner 4.4.0219 (HKLM\...\Allok Video Joiner_is1) (Version: - Allok Soft Inc.)
Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
ArcSoft Print Creations (HKLM\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version: - ArcSoft)
ArcSoft Software Suite (HKLM\...\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}) (Version: - )
ATI Catalyst Install Manager (HKLM\...\{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}) (Version: 3.0.641.0 - ATI Technologies, Inc.)
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies)
AVG 2015 (Version: 15.0.4435 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.10.06(T) - )
CallStation (HKLM\...\CallStation) (Version: - )
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.140.0517 - Chicony Electronics Co.,Ltd.)
CamStudio (HKLM\...\CamStudio) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon iP7200 series On-screen Manual (HKLM\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.)
Canon iP7200 series User Registration (HKLM\...\Canon iP7200 series User Registration) (Version: - Canon Inc.‎)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Catalyst Control Center - Branding (HKLM\...\{22543949-70E8-45D0-A938-F38143EB8BF8}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2007.0621.1715.28924 - ATI) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.03 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
EPSON Copy Utility (HKLM\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version: - )
EPSON Photo Print (HKLM\...\{0B53B71D-9E2F-42B8-9123-96354872D166}) (Version: - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON RX500 Reference Guide (HKLM\...\Silent Package Run-Time Sample) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )
ffdshow v1.3.4532 [2014-07-17] (HKLM\...\ffdshow_is1) (Version: 1.3.4532.0 - )
Free DWG Viewer 7.3 (HKLM\...\{BC66852F-0928-494F-B3C1-5FF5DB4F88BC}) (Version: 7.3.0.174 - IGC)
Free FLV to AVI Converter version 1.0 (HKLM\...\{65560D1F-0BD5-49F4-9F28-135F01CD9CA3}_is1) (Version: 1.0 - )
Free MP4 To AVI Converter (HKLM\...\{40803B44-2D66-4981-83F5-8CEE8193F308}) (Version: 1.0.0 - convertaudiofree)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.4 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\.DEFAULT\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
GPL MPEG-1/2 DirectShow Decoder Filter (HKLM\...\{870815CA-6B60-47B6-88DD-A67F42D2F03E}) (Version: 0.1.2 - Peter Wimmer)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{C8005A7B-9638-41DD-B83B-AF277754E211}) (Version: 14.03.0000 - Intel Corporation)
Internet Manager (HKLM\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
InterVideo AVControlSDK (HKLM\...\{A644254B-92F6-4970-8635-AB0775371E72}) (Version: - InterVideo Inc.)
iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.6.1 - iolo technologies, LLC)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Joboshare DVD Ripper Platinum (HKLM\...\Joboshare DVD Ripper Platinum) (Version: 2.8.2.0319 - Joboshare)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
LTE USB MODEM (HKLM\...\T-mobile_Hungary Seagull LTE USB MODEM_is1) (Version: - T-mobile_Hungary)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7220 - Paramount Software (UK) Ltd.) Hidden
Media Manager for WALKMAN 1.2 (HKLM\...\{5A6ED905-D19D-4954-8499-0DAF386460F7}) (Version: 1.2.771 - Sony)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version: - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MiniTool Partition Wizard Home Edition 7.1 (HKLM\...\{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MP3 Rocket (HKLM\...\MP3 Rocket) (Version: 6.3.16 - MP3 TechSupport Inc)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-792132873-3858574900-2171385532-1003\...\MyFreeCodec) (Version: - )
NAVIGON Fresh 3.3.1 (HKLM\...\NAVIGON Fresh) (Version: 3.3.1 - NAVIGON)
Nero 9 Lite (HKLM\...\{0c55a530-0d1b-4962-830e-ce388f926697}) (Version: - Nero AG)
NetWorx 5.2.2 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Ogg Codecs 0.81.15562 (HKLM\...\Ogg Codecs) (Version: 0.81.15562 - Xiph.Org)
PCFriendly (HKLM\...\PCFriendly) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pocket RAR documentation (HKLM\...\PocketRAR) (Version: - )
Protector Suite QL 5.8 (HKLM\...\{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}) (Version: 5.8.0.4024 - UPEK Inc.)
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
RealDownloader (Version: 1.3.4 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RegMagik (HKLM\...\RegMagik) (Version: 3.26.4 - Guzner Consulting)
Replay Media Catcher 3.02 (HKLM\...\Replay Media Catcher 3.02) (Version: 3.02 - Applian Technologies Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.3.90502 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (Version: 3.0.0.71207 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
Skins (Version: 2007.0621.1715.28924 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
StreetSmart Pro (HKLM\...\{664708B3-C730-11D5-ADE7-00B0D07D157A}) (Version: 4.18 - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Telescope Driver (HKLM\...\{B2920232-19DA-44FC-835F-68E427EAE2CE}) (Version: 10.30.09 - PixArt)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.02 - )
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.29 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.00.24A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.7 - TOSHIBA Corporation)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
Trader Workstation (HKU\S-1-5-21-792132873-3858574900-2171385532-1003\...\Trader Workstation) (Version: - Interactive Brokers)
Utility Common Driver (Version: 0.0.50.7C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Mail Recovery v.3.2.0 (HKLM\...\Windows Mail Recovery_is1) (Version: - Email Adept, Ltd.)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WM Recorder 12.1 (HKLM\...\WM Recorder 12.1) (Version: - )
XnView 2.22 (HKLM\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-792132873-3858574900-2171385532-1003_Classes\CLSID\{6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}\InprocServer32 -> C:\Windows\system32\TosBtShell.dll (TOSHIBA)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2009-08-22 09:48 - 00324264 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E7AA918-2EA7-4207-9552-52B99661ACDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {19DD8CEA-321A-47E9-A41D-E0A572738F3A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-792132873-3858574900-2171385532-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {21A6181C-2964-4F98-A8ED-EB13C11BCA33} - System32\Tasks\{BC8926AA-6CC5-4D9C-85D8-5C1AAFF3A1DD} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {28EDE34C-7773-47C8-BD2C-1C67F385955E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {31BD8C4C-C722-4E86-8384-0D102CD6A18E} - System32\Tasks\1114avUpdateInfo => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
Task: {32D94140-921F-4A26-ADD5-C5E0C2BF565F} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {3BD8F5AE-668E-4CAA-80A5-FDBCBC707A71} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe
Task: {3F8F1E6E-F9DB-4151-90D4-A3919C4FE107} - System32\Tasks\iolo Process Governor => C:\Program Files\iolo\System Mechanic\iologovernor.exe [2015-08-15] (iolo technologies, LLC)
Task: {41BB8073-C05C-48A9-9727-CBC6DC540831} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-792132873-3858574900-2171385532-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {46CC9B7C-9FD5-4520-8182-C7B015E2DFC2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-792132873-3858574900-2171385532-1003 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-08-12] (RealNetworks, Inc.)
Task: {54A452CB-6551-465C-91C5-86915D5C97DC} - System32\Tasks\iolo DelOnReboot => cmd.exe /c IF EXIST C:\ProgramData\iolo\ops\smrr.dll del /f C:\ProgramData\iolo\ops\smrr.dll
Task: {64403BBA-E7C3-438C-A430-18DF6AC8C801} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-23] (Adobe Systems Incorporated)
Task: {657D8B4F-28E9-4E26-BC6B-B1CF613C9CEE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-05] (Google Inc.)
Task: {6DB04584-6793-423C-807B-E154626B1D2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {71469CFB-5AB4-4602-B9E6-6DDD3DEC102F} - System32\Tasks\{8664C2B9-B0CF-4F38-99EE-CD82867CBAA1} => pcalua.exe -a "C:\Windows\Replay Media Catcher\uninstall.exe" -c "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Task: {73FB61A0-9A4C-4FCC-95C4-1F3146574939} - System32\Tasks\{36C323AB-FC3B-4AEE-9AE4-978215C9784C} => pcalua.exe -a "C:\Program Files\SAMSUNG\USB Drivers\Uninstall.exe"
Task: {7AF07F85-C6A1-4DA1-82E9-B4A0EC63AE22} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - olkoevi => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
Task: {89DA4F55-B964-4012-9A56-111587BA0C2F} - System32\Tasks\{FCBA6DFE-42B4-4B6A-87AD-EDC886C74BB1} => Iexplore.exe http://ui.skype.com/ui/0/5.9.0.123/en/abandoninstall?page=tsProgressBar
Task: {89ED9CAF-783B-4CAD-A9FA-A8D8F8237C7C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-792132873-3858574900-2171385532-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {9B241FBB-1EFF-471A-9221-A007AD4B876B} - System32\Tasks\Advanced System~Protector_startup => C:\Program Files\ASP\AdvancedSystemProtector.exe <==== ATTENTION
Task: {9FF4D9D3-6976-4CFD-905E-683699AD457B} - System32\Tasks\4942 => Wscript.exe C:\Users\olkoevi\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {A43BFFFA-92BE-486F-A703-B99F3B8E69BE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-792132873-3858574900-2171385532-1003 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-08-12] (RealNetworks, Inc.)
Task: {A4EC2268-6EA4-4156-BF9C-08410B593636} - System32\Tasks\{F5900B41-5B2F-4B0A-81BD-E5604B3A6540} => pcalua.exe -a "C:\Program Files\ImTOO\DVD Ripper Standard 5\Uninstall.exe"
Task: {AD796492-0033-49DD-8BC3-7B0D0FB17E78} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-05] (Google Inc.)
Task: {AF70A93C-E68D-4467-B80D-598D9808C1B3} - \RealPlayer (32-bit) -> No File <==== ATTENTION
Task: {B5247D42-29AC-4BD9-8AD2-6C3BBEE04E8F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-792132873-3858574900-2171385532-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {B9B11EBA-F97D-49FD-A787-1FC530EB6C55} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.5.0.19\SymErr.exe
Task: {C1C9E3B6-52A4-47C7-93F5-FDD5E68F60B1} - System32\Tasks\{CA2D75A2-FFEA-428B-BAB6-50EE3E10DF9A} => pcalua.exe -a "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" -c /u
Task: {D41785C5-C96F-4A20-91E8-01E0C6159EDD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-792132873-3858574900-2171385532-1003 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-08-12] (RealNetworks, Inc.)
Task: {EB08F040-6F5B-429D-BFE3-D26190C497D3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.5.0.19\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-792132873-3858574900-2171385532-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (Whitelisted) ==============

2009-01-07 06:20 - 2002-07-04 10:38 - 00053248 _____ () C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
2008-08-02 14:33 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 5747 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-792132873-3858574900-2171385532-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: CaCCProvSP => 3
MSCONFIG\Services: ccSchedulerSVC => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^mcserver.lnk => C:\Windows\pss\mcserver.lnk.CommonStartup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: emsisoft anti-malware => "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
MSCONFIG\startupreg: eSzignoTray => C:\Program Files\Microsec\e-Szigno30\EszignoTray.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: iolo Startup => "C:\Program Files\iolo\common\Lib\ioloLManager.exe" /lbstartup
MSCONFIG\startupreg: KeNotify => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe
MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe
MSCONFIG\startupreg: NetWorx => "C:\Program Files\NetWorx\networx.exe" /auto
MSCONFIG\startupreg: PAC7302_Monitor => C:\Windows\PixArt\PAC7302\Monitor.exe
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\Protector Suite QL\launcher.exe" /startup
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: T-mobile_Hungary Seagull ModemListener => C:\Program Files\LTE USB MODEM\BackgroundService\ModemListener.exe start
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{3BEC937D-5DE6-4E97-98FF-F1C09D9E23EB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4F349877-B377-41E1-8BCA-9055B968E676}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{C7D5037D-1663-4A4E-A82A-6D04D96C9694}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{390B470F-0E1E-4E1A-B5D6-0ACCDE8173E7}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{B5B687E6-E029-443F-A452-CC612AC010F1}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{F277F21E-0249-4888-AC6C-A02CF219321C}] => (Allow) LPort=80
FirewallRules: [{E54CC46F-2BCD-4802-A591-45CE54BE9F3D}] => (Allow) LPort=80
FirewallRules: [{7A1E4326-332C-4605-8820-0F55A6DB48C7}] => (Allow) LPort=80
FirewallRules: [{A4088FA8-4850-4BAF-9347-B12B1334803E}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{FF8B5582-E5D6-472B-AA73-3F6006C9DD24}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{B6C52B93-5921-4232-8011-420F76A95EFC}] => (Allow) C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe
FirewallRules: [{4A5CF7F0-6099-48B4-BAD4-310E6ECB013D}] => (Allow) C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe
FirewallRules: [{BE42FD90-D5D8-4D8B-A9AA-309E2DF91701}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{947A6EEA-F17B-4804-B249-79F442A5C1D4}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [TCP Query User{2E217DB9-94F7-4FE5-BFDC-C0327076229B}C:\program files\java\jre1.6.0\bin\javaw.exe] => (Block) C:\program files\java\jre1.6.0\bin\javaw.exe
FirewallRules: [UDP Query User{E95A9854-8262-42F2-912A-8FFA88680E82}C:\program files\java\jre1.6.0\bin\javaw.exe] => (Block) C:\program files\java\jre1.6.0\bin\javaw.exe
FirewallRules: [{29142F67-6654-45F1-8295-743B6570F159}] => (Allow) C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe
FirewallRules: [{D00894E3-5856-48BE-B616-5A1422BD08D6}] => (Allow) C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe
FirewallRules: [{97141DF3-F324-4BB3-BD3C-5DDDDD1469A8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CC8BBD54-5DE3-4290-ABC6-27B215A181EA}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{F43B48C0-BA97-47CF-87FF-B4C3F908F289}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{DB41B342-23B9-4E79-BEA7-622F15C71EB5}D:\res\jre\bin\javaw.exe] => (Block) D:\res\jre\bin\javaw.exe
FirewallRules: [UDP Query User{5D35643D-2D33-44AB-8E9E-D422BB69DFE0}D:\res\jre\bin\javaw.exe] => (Block) D:\res\jre\bin\javaw.exe
FirewallRules: [{191ACF65-050C-4D02-BE01-9C6D4E0FBE85}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2718611C-4E56-424A-A736-A636E0B132FC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3C17D4FE-243A-499E-A5E5-79CEEDEBB956}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{4FBA374D-2210-46BA-B115-35E8C4E91E79}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{C681431A-0754-495D-B43B-04BAC1991C54}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{9849E0E9-2E0C-418F-89A4-246926FC215B}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{B894268C-BC1E-48F7-BB22-F706246823E5}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{4B20A17A-0950-45B5-88BB-62A87843E6B6}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{F63DA46C-F73D-4062-AB19-B0E8B65B7041}] => (Allow) C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{39E6ED12-B7E1-4D41-862A-4A915CEBDBC7}] => (Allow) C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe
FirewallRules: [{468CAE43-430C-4B74-9281-7E0EDFF9A4C4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2015 07:43:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/06/2015 07:43:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/06/2015 07:42:49 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/06/2015 06:50:27 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\wuaueng.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\wuaueng.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (10/06/2015 06:50:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe_wuauserv, version 6.0.6001.18000, time stamp 0x47918b89, faulting module wuaueng.dll, version 7.6.7600.256, time stamp 0x4fca8fc5, exception code 0xc0000006, fault offset 0x0009df25,
process id 0x5f8, application start time 0xsvchost.exe_wuauserv0.

Error: (10/06/2015 02:25:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/06/2015 02:25:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/06/2015 02:25:24 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\Resources\1033\sqlevn70.rll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program SQL Server Windows NT because of this error.

Program: SQL Server Windows NT
File: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\Resources\1033\sqlevn70.rll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (10/06/2015 02:25:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application sqlservr.exe, version 2005.90.5000.0, time stamp 0x4d02a863, faulting module kernel32.dll, version 6.0.6002.19381, time stamp 0x554d42a0, exception code 0xc0000006, fault offset 0x00021391,
process id 0x9c8, application start time 0xsqlservr.exe0.

Error: (10/06/2015 02:16:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/17/2008 04:09:35 AM) (Source: atikmdag) (EventID: 10266) (User: )
Description: Unknown EDID version

Error: (12/17/2008 04:09:35 AM) (Source: atikmdag) (EventID: 10266) (User: )
Description: Unknown EDID version

Error: (12/17/2008 04:09:35 AM) (Source: atikmdag) (EventID: 10266) (User: )
Description: Unknown EDID version

Error: (12/17/2008 04:09:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:08:06 AM on 12/17/2008 was unexpected.

Error: (12/17/2008 02:58:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: HIPS Firewall Helper1

Error: (12/17/2008 02:57:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/17/2008 02:57:26 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (12/17/2008 02:57:07 AM) (Source: atikmdag) (EventID: 10266) (User: )
Description: Unknown EDID version

Error: (12/17/2008 02:57:07 AM) (Source: atikmdag) (EventID: 10266) (User: )
Description: Unknown EDID version

Error: (12/17/2008 02:57:07 AM) (Source: atikmdag) (EventID: 10266) (User: )
Description: Unknown EDID version


CodeIntegrity:
===================================
Date: 2015-10-06 09:08:09.667
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-06 09:08:08.996
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-06 09:08:08.325
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-06 09:08:07.654
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx86.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-06 09:08:06.796
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-06 09:08:06.125
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-06 09:08:05.439
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-06 09:08:04.768
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-06 09:08:04.051
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-10-06 09:08:03.364
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 30%
Total physical RAM: 2045.69 MB
Available physical RAM: 1431.1 MB
Total Virtual: 4334.61 MB
Available Virtual: 3944.07 MB

==================== Drives ================================

Drive c: (SQ008693V04) (Fixed) (Total:184.84 GB) (Free:116.18 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (Data) (Fixed) (Total:232.33 GB) (Free:159.43 GB) NTFS
Drive g: (Utolso) (Fixed) (Total:233.42 GB) (Free:222.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186.3 GB) (Disk ID: C38AB7E8)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=184.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: ABFF43C6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Edited by Oh My!, 07 October 2015 - 09:49 AM.
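
An added example, not part of the original posts and not FRST's own code: one way to condense the FirewallRules section of an Addition.txt log like the one above, collapsing identical rules and marking allow rules that name a port rather than a program. The sample lines are constructed in the log's format with placeholder GUIDs, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the FirewallRules section above;
# the GUIDs are placeholders, not values taken from the log.
SAMPLE = r"""
FirewallRules: [{GUID-0001}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{GUID-0002}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{GUID-0003}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{GUID-0004}] => (Allow) LPort=80
FirewallRules: [{GUID-0005}] => (Allow) LPort=80
FirewallRules: [TCP Query User{GUID-0006}C:\program files\java\jre1.6.0\bin\javaw.exe] => (Block) C:\program files\java\jre1.6.0\bin\javaw.exe
FirewallRules: [{GUID-0007}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
"""

# name in brackets, action in parentheses, then a program path or a port spec
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)


def parse_rules(text):
    """Return one dict (name, action, target) per FirewallRules line."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if match:
            rules.append(match.groupdict())
    return rules


def triage(rules):
    """Group rules by (action, target) and attach review notes to each group."""
    # Windows paths are case-insensitive, so targets are compared in lower case.
    counts = Counter((r["action"], r["target"].lower()) for r in rules)
    # Rules named "... Query User{...}" come from answering a firewall prompt.
    prompted = {r["target"].lower() for r in rules if "Query User" in r["name"]}
    findings = []
    for (action, target), count in sorted(counts.items()):
        notes = []
        if count > 1:
            notes.append(f"{count} identical rules")
        if action == "Allow" and not re.match(r"[a-z]:\\", target):
            notes.append("allow rule not bound to a program")
        if target in prompted:
            notes.append("created from a user prompt")
        findings.append(
            {"action": action, "target": target, "count": count, "notes": notes}
        )
    return findings


if __name__ == "__main__":
    for item in triage(parse_rules(SAMPLE)):
        notes = "; ".join(item["notes"]) or "-"
        print(f'{item["action"]:5} x{item["count"]:<2} {item["target"]}  [{notes}]')
```
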


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:52 AM

Posted 07 October 2015 - 10:55 AM

Please copy and paste the logs in your reply rather than attach them. If I need a file attached I will specifically request that.

Please consider and do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

iolo technologies' System Mechanic

  • Reboot your computer
===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

AV: Emsisoft Anti-Malware
AV: AVG AntiVirus Free Edition 2015


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\...\MountPoints2: {a8711f05-5627-11e1-8059-001b38b673e6} - H:\windows\Install\Install.exe
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\...\MountPoints2: {ae85a741-9f79-11e3-9de5-001b38b673e6} - J:\autorun.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-06-08] (Google Inc.)
Toolbar: HKLM - CA Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-792132873-3858574900-2171385532-1003 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-06-08] (Google Inc.)
Toolbar: HKU\S-1-5-21-792132873-3858574900-2171385532-1003 -> No Name - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
Toolbar: HKU\S-1-5-21-792132873-3858574900-2171385532-1003 -> CA Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\Extensions\1443543445_xpi [2015-09-29]
FF HKLM\...\Firefox\Extensions: [caaphishtoolbar@ca.com] - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox => not found
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com [not found]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\olkoevi\AppData\Local\Temp\ccex.crx <not found>
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
S2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
U3 ay78frd9; C:\Windows\system32\Drivers\ay78frd9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
2015-10-01 11:32 - 2015-10-01 11:33 - 00000000 ____D C:\bd59e71be2ae4bc70bf4ab2cc55e
2015-10-01 06:35 - 2015-10-01 06:36 - 00000000 ____D C:\90695743dc1ec61cf4
2015-09-29 09:21 - 2015-09-30 15:01 - 00000000 ____D C:\Program Files\GoHD
2015-09-29 09:20 - 2015-09-29 09:20 - 00000000 ____D C:\Users\olkoevi\AppData\Local\MyBrowser
2015-09-29 09:07 - 2015-09-30 15:28 - 00000000 ____D C:\Users\olkoevi\AppData\Local\03E83C81-1443517651-DC11-BC06-001B38B673E6
2015-09-29 09:06 - 2015-09-30 15:01 - 00000000 ____D C:\Program Files\03E83C81-1443542793-DC11-BC06-001B38B673E6
Task: {32D94140-921F-4A26-ADD5-C5E0C2BF565F} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {9B241FBB-1EFF-471A-9221-A007AD4B876B} - System32\Tasks\Advanced System~Protector_startup => C:\Program Files\ASP\AdvancedSystemProtector.exe <==== ATTENTION
Task: {9FF4D9D3-6976-4CFD-905E-683699AD457B} - System32\Tasks\4942 => Wscript.exe C:\Users\olkoevi\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {AF70A93C-E68D-4467-B80D-598D9808C1B3} - \RealPlayer (32-bit) -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 haterms

Posted 07 October 2015 - 12:11 PM

Hi Gary,

My system is getting quite stable, no crash the whole day in "normal mode".

But I am sure that I do not have a clean installation.

The bcdedit reports show a dirty installation and a screwed-up boot section. I still see two OSes, and bcdedit /set does not work:

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation.  All rights reserved.

C:\Users\olkoevi>bcdedit

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  unknown
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {8ca738da-1635-11dc-b056-0016d498088e}
displayorder            {ebffed5d-6b3b-11e5-8252-e5079a574609}
                        {current}
toolsdisplayorder       {572bcd56-ffa7-11d9-aae0-0007e994107d}
                        {memdiag}
timeout                 30
resume                  No
customactions           0x1000000720001
                        0x54000001
custom:54000001         {572bcd56-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier              {ebffed5d-6b3b-11e5-8252-e5079a574609}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows Vista ™ Home Basic (recovered)
osdevice                unknown
systemroot              \Windows

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Vista ™ Home Basic (recovered)
osdevice                partition=C:
systemroot              \Windows
resumeobject            {46334889-6b3b-11e5-8e43-806e6f6e6963}

C:\Users\olkoevi>bcdedit /set
The set command specified is not valid.
Run "bcdedit /?" for command line assistance.

C:\Users\olkoevi>bootcfg
ERROR: Cannot open BOOT.INI file.

C:\Users\olkoevi>bcdedit /enum

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  unknown
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {8ca738da-1635-11dc-b056-0016d498088e}
displayorder            {ebffed5d-6b3b-11e5-8252-e5079a574609}
                        {current}
toolsdisplayorder       {572bcd56-ffa7-11d9-aae0-0007e994107d}
                        {memdiag}
timeout                 30
resume                  No
customactions           0x1000000720001
                        0x54000001
custom:54000001         {572bcd56-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier              {ebffed5d-6b3b-11e5-8252-e5079a574609}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows Vista ™ Home Basic (recovered)
osdevice                unknown
systemroot              \Windows

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Vista ™ Home Basic (recovered)
osdevice                partition=C:
systemroot              \Windows
resumeobject            {46334889-6b3b-11e5-8e43-806e6f6e6963}

C:\Users\olkoevi>

 

Regards,

 

Zoltan
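
An added example, not part of the original post: a small parser for bcdedit output such as the listing above, reporting entries whose device shows as unknown and boot loader entries that repeat another entry's description and path. The sample is abridged from the post's own output, and the function names are hypothetical.

```python
import re

# Sample abridged from the bcdedit listing in the post above.
SAMPLE = r"""
C:\Users\olkoevi>bcdedit

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  unknown
description             Windows Boot Manager
default                 {default}
displayorder            {ebffed5d-6b3b-11e5-8252-e5079a574609}
                        {current}
timeout                 30

Windows Boot Loader
-------------------
identifier              {ebffed5d-6b3b-11e5-8252-e5079a574609}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows Vista ™ Home Basic (recovered)
osdevice                unknown
systemroot              \Windows

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Vista ™ Home Basic (recovered)
osdevice                partition=C:
systemroot              \Windows
"""

PROMPT_RE = re.compile(r"^[A-Za-z]:\\[^>]*>")


def parse_bcdedit(text):
    """Split bcdedit output into entries: {"type": ..., "settings": {key: [values]}}."""
    entries, current, last_key = [], None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        if not stripped or set(stripped) == {"-"}:
            continue
        if PROMPT_RE.match(line):
            current = None  # a new command starts; ignore text until the next header
            continue
        following = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if following and set(following) == {"-"}:
            current = {"type": stripped, "settings": {}}
            entries.append(current)
            last_key = None
            continue
        if current is None:
            continue
        if line[0].isspace():
            # Continuation line: another value for the previous key (e.g. displayorder).
            if last_key:
                current["settings"][last_key].append(stripped)
            continue
        key, _, value = line.partition(" ")
        current["settings"][key] = [value.strip()]
        last_key = key
    return entries


def find_problems(entries):
    """Return (identifier, message) pairs for entries that need a closer look."""
    problems = []
    known = {e["settings"].get("identifier", ["?"])[0] for e in entries}
    for e in entries:
        ident = e["settings"].get("identifier", ["?"])[0]
        for key in ("device", "osdevice"):
            if e["settings"].get(key) == ["unknown"]:
                problems.append((ident, f"{key} is unknown"))
    seen = {}
    for e in entries:
        if e["type"] != "Windows Boot Loader":
            continue
        s = e["settings"]
        ident = s.get("identifier", ["?"])[0]
        signature = (s.get("description", [""])[0], s.get("path", [""])[0].lower())
        if signature in seen:
            problems.append((ident, f"same description and path as {seen[signature]}"))
        else:
            seen[signature] = ident
    for e in entries:
        if e["type"] == "Windows Boot Manager":
            for ref in e["settings"].get("displayorder", []):
                if ref not in known:
                    problems.append((ref, "listed in displayorder but has no entry"))
    return problems


if __name__ == "__main__":
    for ident, message in find_problems(parse_bcdedit(SAMPLE)):
        print(f"{ident}: {message}")
```
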



#9 Oh My!

Posted 07 October 2015 - 01:56 PM

Hi Zoltan,

Thanks for the update. We will look at the BCD in a bit.

Please do these things.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#10 haterms

Posted 07 October 2015 - 02:12 PM

Hi Gary,

Many thanks. I will follow your instructions: get rid of iolo System Mechanic, though I purchased it a short while ago based on a recommendation, and remove uTorrent, which was installed 8 years ago.

Tomorrow, my time, I will run the script too, and I will send you the files.

Can you recommend which AV program I should keep, or whether you suggest another program?

I guess I understood everything, just one question:

How would you like the info on computer performance? Just my impression, or via a tool or benchmark?

By the way, my laptop's speed and stability are back to "normal". I only discover some anomalies, such as some commands not working fully (bcdedit /set, e.g.), or the startup window and bcdedit showing two OSes.

Regards,

Zoltan


#11 haterms

haterms
  • Topic Starter

  • Members
  • 42 posts

Posted 07 October 2015 - 02:26 PM

Gary,

I just got an issue: "appwiz.cpl" does not work in the command window; it does not give any message, it just does not do anything.

I uninstalled the programs in "Control Panel".

Zoltan



#12 haterms

haterms
  • Topic Starter

  • Members
  • 42 posts

Posted 07 October 2015 - 02:57 PM

Gary, I just got the results from Farbar. I expected a much longer run.

I also got an "Addition.txt"; since you did not ask for this, I just paste the log file.

I'll do the other things tomorrow.

Bye now,

Zoltan

Fix result of Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by olkoevi (2015-10-07 12:42:12) Run:1
Running from C:\Users\olkoevi\Desktop
Loaded Profiles: olkoevi (Available Profiles: olkoevi)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\...\MountPoints2: {a8711f05-5627-11e1-8059-001b38b673e6} - H:\windows\Install\Install.exe
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\...\MountPoints2: {ae85a741-9f79-11e3-9de5-001b38b673e6} - J:\autorun.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM -
&Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-06-08] (Google Inc.)
Toolbar: HKLM - CA Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-792132873-3858574900-2171385532-1003 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-06-08] (Google Inc.)
Toolbar: HKU\S-1-5-21-792132873-3858574900-2171385532-1003 -> No Name - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
Toolbar: HKU\S-1-5-21-792132873-3858574900-2171385532-1003 -> CA Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\Extensions\1443543445_xpi [2015-09-29]
FF HKLM\...\Firefox\Extensions: [caaphishtoolbar@ca.com] - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox => not found
FF Extension: No Name -
C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
FF Extension: No Name - C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com [not found]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\olkoevi\AppData\Local\Temp\ccex.crx <not found>
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] -
<no Path\update_url>
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path\update_url>
S2 helpsvc; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [X]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
U3 ay78frd9; C:\Windows\system32\Drivers\ay78frd9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
2015-10-01 11:32 - 2015-10-01 11:33 - 00000000 ____D C:\bd59e71be2ae4bc70bf4ab2cc55e
2015-10-01 06:35 - 2015-10-01 06:36 - 00000000 ____D C:\90695743dc1ec61cf4
2015-09-29 09:21 - 2015-09-30 15:01 - 00000000 ____D C:\Program
Files\GoHD
2015-09-29 09:20 - 2015-09-29 09:20 - 00000000 ____D C:\Users\olkoevi\AppData\Local\MyBrowser
2015-09-29 09:07 - 2015-09-30 15:28 - 00000000 ____D C:\Users\olkoevi\AppData\Local\03E83C81-1443517651-DC11-BC06-001B38B673E6
2015-09-29 09:06 - 2015-09-30 15:01 - 00000000 ____D C:\Program Files\03E83C81-1443542793-DC11-BC06-001B38B673E6
Task: {32D94140-921F-4A26-ADD5-C5E0C2BF565F} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {9B241FBB-1EFF-471A-9221-A007AD4B876B} - System32\Tasks\Advanced System~Protector_startup => C:\Program Files\ASP\AdvancedSystemProtector.exe <==== ATTENTION
Task: {9FF4D9D3-6976-4CFD-905E-683699AD457B} - System32\Tasks\4942 => Wscript.exe C:\Users\olkoevi\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {AF70A93C-E68D-4467-B80D-598D9808C1B3} - \RealPlayer (32-bit) -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E

*****************

"HKU\S-1-5-21-792132873-3858574900-2171385532-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8711f05-5627-11e1-8059-001b38b673e6}" => key removed successfully.
HKCR\CLSID\{a8711f05-5627-11e1-8059-001b38b673e6} => key not found.
"HKU\S-1-5-21-792132873-3858574900-2171385532-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae85a741-9f79-11e3-9de5-001b38b673e6}" => key removed successfully.
HKCR\CLSID\{ae85a741-9f79-11e3-9de5-001b38b673e6} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\Toolbar: HKLM - => value not found.
HKCR\CLSID\Toolbar: HKLM - => key not found.
&Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2007-06-08] (Google Inc.) => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value removed successfully.
"HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}" => key removed successfully.
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => key removed successfully.
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} => value removed successfully.
HKCR\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} => key not found.
HKU\S-1-5-21-792132873-3858574900-2171385532-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value removed successfully.
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => key not found.
C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\Extensions\1443543445_xpi => moved successfully
HKLM\Software\Mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com => value removed successfully.
FF Extension: No Name - => not found.
"C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\deskCutv2@gmail.com [not found]" => File/Folder not found.
C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\AVJYFVOD75109374@HCDE39471360.com => path removed successfully.
C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\defsearchp@gmail.com => path removed successfully.
C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com => path removed successfully.
C:\Users\olkoevi\AppData\Roaming\Mozilla\Firefox\Profiles\u2u6944r.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com => path removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj" => key removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - => key not found.
<no Path\update_url> => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh" => key removed successfully.
helpsvc => service removed successfully.
rpcapd => service removed successfully.
ay78frd9 => service not found.
blbdrive => service removed successfully.
BMLoad => service removed successfully.
IpInIp => service removed successfully.
MBAMSwissArmy => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
TpChoice => service removed successfully.
C:\bd59e71be2ae4bc70bf4ab2cc55e => moved successfully
C:\90695743dc1ec61cf4 => moved successfully
"C:\Program" => File/Folder not found.
Files\GoHD => Error: No automatic fix found for this entry.
C:\Users\olkoevi\AppData\Local\MyBrowser => moved successfully
C:\Users\olkoevi\AppData\Local\03E83C81-1443517651-DC11-BC06-001B38B673E6 => moved successfully
C:\Program Files\03E83C81-1443542793-DC11-BC06-001B38B673E6 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32D94140-921F-4A26-ADD5-C5E0C2BF565F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32D94140-921F-4A26-ADD5-C5E0C2BF565F}" => key removed successfully.
C:\Windows\System32\Tasks\0 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B241FBB-1EFF-471A-9221-A007AD4B876B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B241FBB-1EFF-471A-9221-A007AD4B876B}" => key removed successfully.
C:\Windows\System32\Tasks\Advanced System~Protector_startup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System~Protector_startup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FF4D9D3-6976-4CFD-905E-683699AD457B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FF4D9D3-6976-4CFD-905E-683699AD457B}" => key removed successfully.
C:\Windows\System32\Tasks\4942 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4942" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF70A93C-E68D-4467-B80D-598D9808C1B3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF70A93C-E68D-4467-B80D-598D9808C1B3}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayer (32-bit) => key not found.
C:\ProgramData\TEMP => ":ECF54A0E" ADS removed successfully..

==== End of Fixlog 12:42:43 ====



#13 haterms

haterms
  • Topic Starter

  • Members
  • 42 posts

Posted 07 October 2015 - 04:20 PM

Gary, what should I do? AdwCleaner found plenty to clean up. I skimmed through, and unchecked the entries for AVG, left all the others checked, and clicked cleaning. I waited for almost two hours. The head of AdwCleaner says "not responding". I cannot do anything, cannot kill the process. I cannot open the task manager. At this point, I am considering "shutdown", or the power switch.

What would you suggest now? I am sending this message from another computer.

Zoltan



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • Gender:Male
  • Location:California

Posted 07 October 2015 - 07:05 PM

Greetings,

BleepingComputer does not recommend the use of any programs, or portions of a program that cleans the registry. Major damage can be done if something is removed improperly. Feel free to reinstall it once we are done if you'd like. I would just like it out of the way for now while we clean your computer.

Either one of the Antivirus programs is fine. I don't have a recommendation either way.

Just your impression about the computer performance and things you are noticing, like not being able to run appwiz.cpl. :)

Shut down your computer and attempt to run AdwCleaner again.
Gary
 

#15 haterms

haterms
  • Topic Starter

  • Members
  • 42 posts

Posted 08 October 2015 - 03:30 PM

Hi Gary,

I had some problems: AdwCleaner stopped a few times while cleaning up, but finished in the end. ESET could not install; I tried a few times and finally succeeded. The scan is still running. ESET already reported "Operating system is not up to date", suggesting to install available updates. I think I have a problem with the updater: it offers new updates, I download them, they seem to install (I get the success message), but they do not show up in the update list. Then the PC wants to download and install them again, and again. The updates which I installed a few days ago disappeared. "appwiz.cpl" works now.

I'll send the log file to you by tomorrow.

Regards,

Zoltan





