Need a fixlist for Windows Vista frst.txt file [Solved]


  • This topic is locked

#1
lwt_intl


I need a fixlist for the following FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Admin (administrator) on ADMIN-PC on 24-06-2014 12:04:49
Running from C:\Users\Admin\Desktop\FRST
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\System32\audiodg.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\pcmax\pcmax.exe
(COMPANYVERS_NAME) C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files\002\yewimmxqbs32.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [DPService] => C:\Program Files\HP\DVDPlay\DPService.exe [90112 2007-12-18] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185896 2007-02-09] (RealNetworks, Inc.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\MountPoints2: {bed45704-be43-11dd-b634-806e6f6e6963} - E:\Setup.exe
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...codeID}&um={UM}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKCU - {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
SearchScopes: HKCU - {B33F6A4E-9E23-419D-BA85-31F4D9B317DE} URL = http://feed.helperba...codeID}&um={UM}
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask...r={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} -  No File
Toolbar: HKCU - SafePCRepair - {A9D9EA68-5D09-43EF-A0C5-6F6A6F82A0E1} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default
FF DefaultSearchEngine: v9
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: v9
FF Homepage: hxxp://www.v9.com/?type=hppp&ts=1403615111&from=vtt&uid=ST3160812AS_5LSBR93GXXXX5LSBR93G&i=psd&t=3449eab49
FF Keyword.URL: hxxp://www.default-search.net/search?sid=492&aid=227&itype=a&ver=12791&tm=388&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2629 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\user.js
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\v9.xml
FF Extension: TopArcadeHits - C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-07-19]
FF Extension: Quick Start - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\Extensions\[email protected] [2014-06-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\extensions\[email protected]
FF Extension: Quick Start - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\extensions\[email protected] [2014-06-18]

========================== Services (Whitelisted) =================

S2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-08-06] (Symantec Corporation)
U2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-08-06] (Symantec Corporation)
S2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-08-06] (Symantec Corporation)
S2 DefaultTabUpdate; C:\Users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-19] () [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon)
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
R2 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [42504 2013-07-19] (COMPANYVERS_NAME)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-06-17] () [File not signed]
S4 Automatic LiveUpdate Scheduler; No ImagePath
S2 Lavasoft Ad-Aware Service; No ImagePath
S3 LiveUpdate; No ImagePath
S2 SmcService; No ImagePath
S3 SNAC; No ImagePath
S2 Symantec AntiVirus; No ImagePath
S2 WRConsumerService; No ImagePath

==================== Drivers (Whitelisted) ====================

S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-21] (GFI Software)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 SBRE; C:\Windows\system32\drivers\SBREDrv.sys [95024 2010-09-22] (Sunbelt Software)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [418864 2007-07-31] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [250416 2007-08-14] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [277040 2007-08-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [25136 2007-08-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [136496 2010-08-26] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27576 2007-01-09] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191544 2007-01-09] (Symantec Corporation)
R1 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [87424 2007-09-07] (Symantec Corporation) [File not signed]
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [49024 2007-08-06] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [39808 2007-09-07] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [161920 2010-06-02] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100921.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100921.003\NAVEX15.SYS [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 vsdatant; a [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-24 12:03 - 2014-06-24 12:04 - 00000000 ____D () C:\FRST
2014-06-24 12:02 - 2014-06-24 12:04 - 00000000 ____D () C:\Users\Admin\Desktop\FRST
2014-06-24 09:13 - 2014-06-24 09:13 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-24 09:13 - 2014-06-24 09:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-24 09:13 - 2014-06-24 09:13 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-24 09:13 - 2014-06-24 09:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-24 09:13 - 2014-06-24 09:13 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-24 09:13 - 2014-06-24 09:13 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-24 09:04 - 2014-06-24 09:07 - 00000000 ____D () C:\Program Files\Linkey
2014-06-24 09:04 - 2014-06-24 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Settings Manager
2014-06-24 09:03 - 2014-06-24 09:03 - 02077392 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1.exe
2014-06-24 07:15 - 2014-06-24 09:17 - 00001734 _____ () C:\Windows\PFRO.log
2014-06-24 07:15 - 2014-06-24 07:16 - 00143848 _____ () C:\Windows\Minidump\Mini062414-01.dmp
2014-06-24 07:15 - 2014-06-24 07:15 - 167555679 _____ () C:\Windows\MEMORY.DMP
2014-06-24 07:13 - 2014-06-24 07:14 - 00000000 ____D () C:\Program Files\GUME0CD.tmp
2014-06-24 07:13 - 2014-06-24 07:13 - 06010880 _____ () C:\Program Files\GUTE0CE.tmp
2014-06-24 07:13 - 2014-06-24 07:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2014-06-24 06:39 - 2014-06-24 06:39 - 00000000 ____D () C:\Program Files\GUMD92E.tmp
2014-06-22 16:02 - 2014-06-24 09:15 - 00005846 _____ () C:\Windows\IE9_main.log
2014-06-22 13:35 - 2014-06-24 11:24 - 00124944 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 13:17 - 2014-06-22 13:17 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-22 13:17 - 2014-06-22 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-22 13:17 - 2014-06-22 13:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-22 13:16 - 2014-06-22 13:16 - 00000000 ____D () C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1636641
2014-06-22 09:42 - 2014-06-22 13:12 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-06-22 09:42 - 2014-06-22 09:55 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job
2014-06-22 08:44 - 2014-06-24 11:36 - 00000000 ____D () C:\Users\Admin\Downloads\MS
2014-06-21 18:53 - 2014-06-21 18:53 - 00000000 ____D () C:\Users\Admin\Desktop\ProcessExplorer
2014-06-21 10:20 - 2012-08-09 10:48 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2014-06-21 10:20 - 2012-08-09 10:47 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2014-06-21 10:20 - 2012-08-09 10:47 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2014-06-21 10:20 - 2012-08-09 09:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2014-06-20 17:33 - 2014-06-20 17:33 - 00000846 _____ () C:\Users\Admin\Desktop\Free Window Registry Repair.lnk
2014-06-20 17:33 - 2014-06-20 17:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2014-06-20 17:15 - 2014-06-20 17:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\rightbackup
2014-06-20 16:18 - 2014-06-20 16:18 - 04814728 _____ (Support.com ) C:\Users\Admin\Downloads\ARO2014.exe
2014-06-19 19:39 - 2014-06-19 19:39 - 00000000 ____D () C:\ProgramData\2308189059
2014-06-19 19:31 - 2014-06-19 19:31 - 00000140 _____ () C:\Windows\system32\sper.dll
2014-06-19 19:30 - 2014-06-19 19:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedUpPC
2014-06-19 19:16 - 2014-06-19 19:49 - 00000000 ____D () C:\ProgramData\TuneUp360
2014-06-19 19:16 - 2014-06-19 19:16 - 00062476 _____ () C:\Users\Admin\AppData\Roaming\userenv.xml
2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\spotmau
2014-06-19 18:40 - 2014-06-19 18:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedMaxPc
2014-06-19 18:39 - 2014-06-20 18:39 - 00000398 _____ () C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job
2014-06-19 18:39 - 2014-06-19 19:14 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-18 19:19 - 2014-06-18 19:19 - 00000000 ____D () C:\Users\Admin\Documents\PC Speed Maximizer
2014-06-18 19:14 - 2014-06-23 16:16 - 00000000 ____D () C:\Program Files\pcmax
2014-06-18 19:14 - 2014-06-22 08:16 - 00000354 _____ () C:\Windows\Tasks\At1.job
2014-06-18 19:10 - 2014-06-18 19:13 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SupTab
2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Program Files\SupTab
2014-06-18 18:53 - 2014-06-19 17:07 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-06-18 17:19 - 2014-06-18 17:19 - 00000687 _____ () C:\awhBAF5.tmp
2014-06-18 17:06 - 2014-06-18 17:06 - 00000687 _____ () C:\awh3590.tmp
2014-06-18 16:28 - 2014-06-18 16:28 - 00000000 ____D () C:\ProgramData\Uniblue
2014-06-17 18:44 - 2014-06-24 09:24 - 00000000 ____D () C:\temp
2014-06-17 18:44 - 2014-06-17 18:45 - 00000000 ____D () C:\Program Files\rrsavings
2014-06-17 18:42 - 2014-06-17 18:44 - 00000000 ____D () C:\Program Files\002
2014-06-15 02:46 - 2014-06-15 02:46 - 00108544 _____ () C:\Windows\system32\installd.exe
2014-06-11 07:25 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 07:25 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 07:25 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 07:25 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-04 18:36 - 2014-06-04 18:36 - 00000000 ____D () C:\Users\Admin\Documents\Blitz Media Player
2014-06-04 17:44 - 2014-06-05 15:40 - 00000000 ____D () C:\ProgramData\Fighters

==================== One Month Modified Files and Folders =======

2014-06-24 12:04 - 2014-06-24 12:03 - 00000000 ____D () C:\FRST
2014-06-24 12:04 - 2014-06-24 12:02 - 00000000 ____D () C:\Users\Admin\Desktop\FRST
2014-06-24 11:51 - 2013-10-12 08:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-24 11:36 - 2014-06-22 08:44 - 00000000 ____D () C:\Users\Admin\Downloads\MS
2014-06-24 11:24 - 2014-06-22 13:35 - 00124944 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 11:21 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 11:19 - 2010-09-24 20:11 - 00387028 _____ () C:\aaw7boot.log
2014-06-24 11:19 - 2006-11-02 08:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 11:19 - 2006-11-02 08:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 11:17 - 2006-11-02 08:58 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-24 10:17 - 2013-07-19 13:16 - 00000264 _____ () C:\Windows\Tasks\TopArcadeHits.job
2014-06-24 09:39 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-06-24 09:24 - 2014-06-17 18:44 - 00000000 ____D () C:\temp
2014-06-24 09:17 - 2014-06-24 07:15 - 00001734 _____ () C:\Windows\PFRO.log
2014-06-24 09:15 - 2014-06-22 16:02 - 00005846 _____ () C:\Windows\IE9_main.log
2014-06-24 09:15 - 2006-11-02 07:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-06-24 09:13 - 2014-06-24 09:13 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-24 09:13 - 2014-06-24 09:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-24 09:13 - 2014-06-24 09:13 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-24 09:13 - 2014-06-24 09:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-24 09:13 - 2014-06-24 09:13 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-24 09:13 - 2014-06-24 09:13 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-24 09:13 - 2014-06-24 09:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-24 09:13 - 2014-06-24 09:13 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-24 09:13 - 2006-11-02 02:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2014-06-24 09:13 - 2006-11-02 02:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2014-06-24 09:07 - 2014-06-24 09:04 - 00000000 ____D () C:\Program Files\Linkey
2014-06-24 09:04 - 2014-06-24 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Settings Manager
2014-06-24 09:03 - 2014-06-24 09:03 - 02077392 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1.exe
2014-06-24 08:36 - 2010-09-06 08:24 - 00000000 ____D () C:\Program Files\Google
2014-06-24 08:26 - 2011-12-09 18:07 - 00591360 _____ () C:\Users\Admin\Documents\DomResStock.xls
2014-06-24 07:16 - 2014-06-24 07:15 - 00143848 _____ () C:\Windows\Minidump\Mini062414-01.dmp
2014-06-24 07:15 - 2014-06-24 07:15 - 167555679 _____ () C:\Windows\MEMORY.DMP
2014-06-24 07:15 - 2008-12-19 16:49 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 07:14 - 2014-06-24 07:13 - 00000000 ____D () C:\Program Files\GUME0CD.tmp
2014-06-24 07:13 - 2014-06-24 07:13 - 06010880 _____ () C:\Program Files\GUTE0CE.tmp
2014-06-24 07:13 - 2014-06-24 07:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2014-06-24 06:39 - 2014-06-24 06:39 - 00000000 ____D () C:\Program Files\GUMD92E.tmp
2014-06-24 06:39 - 2010-09-06 12:31 - 00000000 ____D () C:\ProgramData\Google
2014-06-24 06:36 - 2013-10-12 08:08 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-24 06:36 - 2013-10-12 08:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-23 16:18 - 2013-08-23 04:48 - 00000940 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2014-06-23 16:17 - 2014-03-16 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HpUpdate
2014-06-23 16:16 - 2014-06-18 19:14 - 00000000 ____D () C:\Program Files\pcmax
2014-06-22 17:03 - 2010-10-23 07:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-22 16:14 - 2007-02-09 10:48 - 00000000 ____D () C:\Windows\Panther
2014-06-22 13:17 - 2014-06-22 13:17 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-22 13:17 - 2014-06-22 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-22 13:17 - 2014-06-22 13:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-22 13:16 - 2014-06-22 13:16 - 00000000 ____D () C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1636641
2014-06-22 13:12 - 2014-06-22 09:42 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-06-22 09:55 - 2014-06-22 09:42 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job
2014-06-22 09:43 - 2013-07-19 12:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ParetoLogic
2014-06-22 08:16 - 2014-06-18 19:14 - 00000354 _____ () C:\Windows\Tasks\At1.job
2014-06-21 18:53 - 2014-06-21 18:53 - 00000000 ____D () C:\Users\Admin\Desktop\ProcessExplorer
2014-06-20 18:39 - 2014-06-19 18:39 - 00000398 _____ () C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job
2014-06-20 18:11 - 2013-07-19 13:21 - 00000000 ____D () C:\Program Files\Free Window Registry Repair
2014-06-20 17:33 - 2014-06-20 17:33 - 00000846 _____ () C:\Users\Admin\Desktop\Free Window Registry Repair.lnk
2014-06-20 17:33 - 2014-06-20 17:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2014-06-20 17:33 - 2013-07-19 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2014-06-20 17:25 - 2013-07-21 10:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Systweak
2014-06-20 17:15 - 2014-06-20 17:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\rightbackup
2014-06-20 16:18 - 2014-06-20 16:18 - 04814728 _____ (Support.com ) C:\Users\Admin\Downloads\ARO2014.exe
2014-06-19 19:49 - 2014-06-19 19:16 - 00000000 ____D () C:\ProgramData\TuneUp360
2014-06-19 19:49 - 2014-02-02 11:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 19:39 - 2014-06-19 19:39 - 00000000 ____D () C:\ProgramData\2308189059
2014-06-19 19:34 - 2013-07-18 20:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-19 19:31 - 2014-06-19 19:31 - 00000140 _____ () C:\Windows\system32\sper.dll
2014-06-19 19:30 - 2014-06-19 19:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedUpPC
2014-06-19 19:16 - 2014-06-19 19:16 - 00062476 _____ () C:\Users\Admin\AppData\Roaming\userenv.xml
2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\spotmau
2014-06-19 19:15 - 2013-02-17 13:45 - 00000000 ____D () C:\Users\Admin\Desktop\JT
2014-06-19 19:15 - 2013-01-06 15:37 - 00000000 ____D () C:\Users\Admin\Desktop\Dani
2014-06-19 19:14 - 2014-06-19 18:39 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
2014-06-19 18:40 - 2014-06-19 18:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedMaxPc
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-19 17:48 - 2014-02-17 16:36 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-19 17:07 - 2014-06-18 18:53 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-06-18 19:19 - 2014-06-18 19:19 - 00000000 ____D () C:\Users\Admin\Documents\PC Speed Maximizer
2014-06-18 19:13 - 2014-06-18 19:10 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SupTab
2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Program Files\SupTab
2014-06-18 17:19 - 2014-06-18 17:19 - 00000687 _____ () C:\awhBAF5.tmp
2014-06-18 17:06 - 2014-06-18 17:06 - 00000687 _____ () C:\awh3590.tmp
2014-06-18 16:28 - 2014-06-18 16:28 - 00000000 ____D () C:\ProgramData\Uniblue
2014-06-17 21:02 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-17 18:45 - 2014-06-17 18:44 - 00000000 ____D () C:\Program Files\rrsavings
2014-06-17 18:44 - 2014-06-17 18:42 - 00000000 ____D () C:\Program Files\002
2014-06-16 08:05 - 2013-04-04 19:04 - 00000000 ____D () C:\Users\Admin\Desktop\lwt
2014-06-15 02:46 - 2014-06-15 02:46 - 00108544 _____ () C:\Windows\system32\installd.exe
2014-06-11 08:07 - 2013-07-11 18:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 07:29 - 2006-11-02 06:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-05 15:40 - 2014-06-04 17:44 - 00000000 ____D () C:\ProgramData\Fighters
2014-06-04 18:36 - 2014-06-04 18:36 - 00000000 ____D () C:\Users\Admin\Documents\Blitz Media Player

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-24 11:24

==================== End Of Log ============================

 

**** The Addition text begins here: ****

Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Admin at 2014-06-24 12:06:00
Running from C:\Users\Admin\Desktop\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DefaultTab (HKLM\...\DefaultTab) (Version: 2.2.8.0 - Search Results, LLC) <==== ATTENTION
DVD Play (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 2.4.4818 - Hewlett-Packard)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Free Window Registry Repair (HKLM\...\Free Window Registry Repair) (Version:  - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4323.13 - PC-Doctor, Inc.)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP On-Screen Caps/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IHA_MessageCenter (HKLM\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Isle Wars Pro 2.0 (HKLM\...\Isle Wars Pro Game_is1) (Version:  - Soleau Software, Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 6.5.0.17883 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 7.1.12.21827 - Juniper Networks)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe  1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
LiveUpdate (Symantec Corporation) (HKLM\...\PsuedoLiveUpdate) (Version: 3.5.0.64 - Symantec Corporation)
LiveUpdate (Symantec Corporation) (Version: 3.5.0.64 - Symantec Corporation) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1601 - WildTangent)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PyScripter 2.5.3 (HKLM\...\PyScripter_is1) (Version: 2.5.3 - PyScripter)
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
Python 2.7 xlrd-0.7.9 (HKCU\...\xlrd-py2.7) (Version:  - )
Python 2.7.3 (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Redist (HKLM\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}) (Version: 9.0.095 - Roxio, Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
soapUI 4.5.1 4.5.1 (HKLM\...\5517-2803-0637-4585) (Version: 4.5.1 - SmartBear Software)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TopArcadeHits (HKCU\...\{C1C3E833-420E-4D78-9BA7-86AEBB272384}) (Version:  - TopArcadeHits)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Verizon Activation (HKLM\...\{92125850-CE9E-405F-8DC7-774DC36AE76C}_is1) (Version:  - Verizon)
Verizon Media Manager (HKLM\...\Verizon Media Manager) (Version: 9.4.94 - Verizon)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.59.0 - Verizon)
Webroot Software (HKLM\...\Webroot Software) (Version: 7.0.4.102 - Webroot Software, Inc.)
Webroot Software (Version: 7.0.4.102 - Webroot Software, Inc.) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

11-06-2014 10:26:55 Windows Update
11-06-2014 11:26:37 Windows Update
17-06-2014 19:34:15 Windows Update
17-06-2014 22:45:21 Removed Driver Support.
18-06-2014 00:59:02 Removed Driver Support.
18-06-2014 23:29:18 Removed Muvic Smartbar
20-06-2014 17:35:55 ARO 2013 - Before Installation
20-06-2014 17:37:48 ARO 2014 - FIRST RUN
20-06-2014 17:49:24 ARO 2014 Fri, Jun 20, 14  13:49
20-06-2014 20:19:40 ARO 2013 - Before Installation
20-06-2014 20:21:09 ARO 2014 - FIRST RUN
20-06-2014 20:24:03 ARO 2014 Fri, Jun 20, 14  16:24
20-06-2014 20:38:47 Windows Update
20-06-2014 21:02:48 ARO 2014 Fri, Jun 20, 14  17:02
21-06-2014 13:56:18 ARO 2013 - Before Installation
21-06-2014 13:58:28 ARO 2014 - FIRST RUN
21-06-2014 14:00:38 ARO 2014 Sat, Jun 21, 14  10:00
21-06-2014 14:19:49 Windows Update
21-06-2014 21:35:50 Installed Microsoft Fix it 50778
21-06-2014 21:37:24 Installed Microsoft Fix it 50778
22-06-2014 12:24:32 Windows Modules Installer
22-06-2014 12:44:24 Installed Microsoft Fix it 50778
22-06-2014 20:02:06 Windows Update
22-06-2014 20:47:41 Windows Modules Installer
24-06-2014 13:11:54 Windows Modules Installer

==================== Hosts content: ==========================

2006-11-02 06:23 - 2011-05-13 07:14 - 00434037 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {419A1959-ECBB-456B-B9E7-9E572AB954FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-24] (Adobe Systems Incorporated)
Task: {49971736-AF2D-4F50-ABD8-6EBE4A2B8842} - System32\Tasks\At1 => c:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {647DCC63-D0B8-400B-823E-C20E0E6B8ABE} - System32\Tasks\TopArcadeHits => C:\Users\Admin\AppData\Local\TopArcadeHits\updater.exe [2014-01-20] ()
Task: {6A7583FE-6092-43DC-BB72-DFA04BE72201} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {71D55C2E-D780-4F6B-8364-C2E63586816E} - \LyricsSing Update No Task File <==== ATTENTION
Task: {7B104647-7288-477D-80FD-873B21E945CE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {8A07DF50-099A-4701-84E6-8788ABED83C4} - System32\Tasks\SpeedMaxPc Update3_triggeronce => c:\program files\common files\speedmaxpc\uus3\Update3.exe
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {98AAE6F2-C750-478F-9ACD-8FF5564938E5} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {9F3D9720-21B6-4A77-941C-F6C21CA2E7DA} - System32\Tasks\Microsoft\Windows\RestartManager\{15BEA94A-320A-4d42-9B61-5FB967A9FBE8} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {A33B05AB-A061-4150-ABC7-3B4C67861DA7} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A5F722A4-051D-4F02-8A5A-9B37BC9433B2} - System32\Tasks\InstallShield Software online update program => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-02-16] (InstallShield Software Corporation)
Task: {BB0CAA25-07DF-4F8A-BA56-428C304C0F31} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {BDD38020-19C2-4B76-B619-0E3EFD5C2150} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {C6E24925-7FC2-4F63-9F40-2F5FA9675D2D} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {C82E09C3-63EF-4908-BD2A-D280308FEE37} - System32\Tasks\SpeedUpPC_LogOn => C:\Program Files\SpeedUpPC Pro\SpeedUpPC
Task: {DB06B8CE-0624-4A2E-9DC5-EF32669DAB2A} - System32\Tasks\Real Player online update program => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-02-09] (RealNetworks, Inc.)
Task: {DF492869-C848-4132-8B27-D1D19D2674E1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {EC5F1A1F-1AD2-4B1A-B195-70ABC57350BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {F5B4A899-DDD3-4574-B8EC-0C5405866F4F} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => c:\Program Files\pcmax\service.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job => c:\program files\common files\speedmaxpc\uus3\Update3.exe
Task: C:\Windows\Tasks\TopArcadeHits.job => C:\Users\Admin\AppData\Local\TopArcadeHits\updater.exe

==================== Loaded Modules (whitelisted) =============

2014-05-29 07:16 - 2014-05-29 07:16 - 00241344 _____ () C:\Program Files\pcmax\pcmax.exe
2014-06-17 18:44 - 2014-06-17 18:44 - 00541696 _____ () C:\Program Files\002\yewimmxqbs32.exe
2014-06-19 18:09 - 2014-06-19 18:09 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:B63300D1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: pcreg => C:\Program Files\pcmax\service.exe
MSCONFIG\startupreg: SafePCRepair Search Scope Monitor => "C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Windows Defender => C:\Program Files\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2014 11:51:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0x10b4, application start time 0xiexplore.exe0.

Error: (06/24/2014 11:47:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0x99c, application start time 0xiexplore.exe0.

Error: (06/24/2014 11:47:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0x11d8, application start time 0xiexplore.exe0.

Error: (06/24/2014 11:38:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0x1340, application start time 0xiexplore.exe0.

Error: (06/24/2014 11:34:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0x1720, application start time 0xiexplore.exe0.

Error: (06/24/2014 11:34:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0x8e0, application start time 0xiexplore.exe0.

Error: (06/24/2014 11:34:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0x1704, application start time 0xiexplore.exe0.

Error: (06/24/2014 11:22:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0xb44, application start time 0xiexplore.exe0.

Error: (06/24/2014 11:17:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 30.0.0.5269 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: d28
Start Time: 01cf8fb52ab4ca61
Termination Time: 148

Error: (06/24/2014 10:50:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0xd8c, application start time 0xiexplore.exe0.


System errors:
=============
Error: (06/24/2014 11:29:30 AM) (Source: RasMan) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.

Error: (06/24/2014 11:29:30 AM) (Source: RemoteAccess) (EventID: 20151) (User: )
Description: The Control Protocol EAP in the Point to Point Protocol module C:\Windows\System32\rasppp.dll returned an error while initializing. The specified module could not be found.

Error: (06/24/2014 11:29:30 AM) (Source: RemoteAccess) (EventID: 20070) (User: )
Description: Point to Point Protocol engine was unable to load the C:\Program Files\Symantec\Symantec Endpoint Protection\SymRasMan.dll module. The specified module could not be found.

Error: (06/24/2014 11:29:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (06/24/2014 11:29:29 AM) (Source: RasMan) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.

Error: (06/24/2014 11:29:29 AM) (Source: RemoteAccess) (EventID: 20151) (User: )
Description: The Control Protocol EAP in the Point to Point Protocol module C:\Windows\System32\rasppp.dll returned an error while initializing. The specified module could not be found.

Error: (06/24/2014 11:29:29 AM) (Source: RemoteAccess) (EventID: 20070) (User: )
Description: Point to Point Protocol engine was unable to load the C:\Program Files\Symantec\Symantec Endpoint Protection\SymRasMan.dll module. The specified module could not be found.

Error: (06/24/2014 11:29:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (06/24/2014 11:29:28 AM) (Source: RasMan) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.

Error: (06/24/2014 11:29:28 AM) (Source: RemoteAccess) (EventID: 20151) (User: )
Description: The Control Protocol EAP in the Point to Point Protocol module C:\Windows\System32\rasppp.dll returned an error while initializing. The specified module could not be found.


Microsoft Office Sessions:
=========================
Error: (06/24/2014 11:51:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa0010b401cf8fc42f2a261d

Error: (06/24/2014 11:47:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa0099c01cf8fc39559ce5d

Error: (06/24/2014 11:47:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa0011d801cf8fc395a398fd

Error: (06/24/2014 11:38:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa00134001cf8fc247c51bad

Error: (06/24/2014 11:34:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa00172001cf8fc1da30a5fd

Error: (06/24/2014 11:34:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa008e001cf8fc1d3d93c3d

Error: (06/24/2014 11:34:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa00170401cf8fc1bf9d8c3d

Error: (06/24/2014 11:22:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa00b4401cf8fc0160e3fdd

Error: (06/24/2014 11:17:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe30.0.0.5269d2801cf8fb52ab4ca61148

Error: (06/24/2014 10:50:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa00d8c01cf8fbb98ed9741


CodeIntegrity Errors:
===================================
  Date: 2014-06-24 11:19:46.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-24 09:18:29.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-24 07:16:21.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-24 06:31:07.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-23 16:08:35.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-22 16:54:25.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-22 16:12:16.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-22 12:25:19.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-22 09:53:36.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-22 08:50:54.939
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 89%
Total physical RAM: 1014.64 MB
Available physical RAM: 108.75 MB
Total Pagefile: 2291.6 MB
Available Pagefile: 1290.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1875.31 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:141.96 GB) (Free:88.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:7.09 GB) (Free:0.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP OJ8600) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================




#2
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:
  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.

#3
lwt_intl

    Member

  • Topic Starter
  • 11 posts

Hello Pyxis,

Sorry for this reply, but I did not know about the installation part.  As such, I have generated 2 new files and I will leave my fingers off the downloads until we get this completed.  I will wait until you get something for me.  Thanks for your help.

Lynn

My latest FRST.txt, generated 6/27:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Admin (administrator) on ADMIN-PC on 27-06-2014 08:56:55
Running from C:\Users\Admin\Desktop\FRST
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\System32\audiodg.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\pcmax\pcmax.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(COMPANYVERS_NAME) C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files\002\yewimmxqbs32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealUpgrade\realupgrade.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [DPService] => C:\Program Files\HP\DVDPlay\DPService.exe [90112 2007-12-18] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-06-26] (RealNetworks, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\MountPoints2: {bed45704-be43-11dd-b634-806e6f6e6963} - E:\Setup.exe
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
BootExecute: autocheck autochk * lsdeletesdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...codeID}&um={UM}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKCU - {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
SearchScopes: HKCU - {B33F6A4E-9E23-419D-BA85-31F4D9B317DE} URL = http://feed.helperba...codeID}&um={UM}
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask...r={searchTerms}
BHO: No Name - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -  No File
BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} -  No File
Toolbar: HKCU - SafePCRepair - {A9D9EA68-5D09-43EF-A0C5-6F6A6F82A0E1} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default
FF DefaultSearchEngine: v9
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: v9
FF Homepage: hxxp://www.v9.com/?type=hppp&ts=1403812266&from=vtt&uid=ST3160812AS_5LSBR93GXXXX5LSBR93G&i=psd&t=344bcc0a7
FF Keyword.URL: hxxp://www.default-search.net/search?sid=492&aid=227&itype=a&ver=12791&tm=388&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\user.js
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\v9.xml
FF Extension: TopArcadeHits - C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-07-19]
FF Extension: Quick Start - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\Extensions\[email protected] [2014-06-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\extensions\[email protected]
FF Extension: Quick Start - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\extensions\[email protected] [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-26]

========================== Services (Whitelisted) =================

S2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-08-06] (Symantec Corporation)
U2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-08-06] (Symantec Corporation)
S2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-08-06] (Symantec Corporation)
S2 DefaultTabUpdate; C:\Users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-19] () [File not signed]
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon)
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [42504 2013-07-19] (COMPANYVERS_NAME)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-06-17] () [File not signed]
S4 Automatic LiveUpdate Scheduler; No ImagePath
S2 Lavasoft Ad-Aware Service; No ImagePath
S3 LiveUpdate; No ImagePath
S2 SmcService; No ImagePath
S3 SNAC; No ImagePath
S2 Symantec AntiVirus; No ImagePath
S2 WRConsumerService; No ImagePath

==================== Drivers (Whitelisted) ====================

S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-21] (GFI Software)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 SBRE; C:\Windows\system32\drivers\SBREDrv.sys [95024 2010-09-22] (Sunbelt Software)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [418864 2007-07-31] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [250416 2007-08-14] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [277040 2007-08-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [25136 2007-08-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [136496 2010-08-26] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27576 2007-01-09] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191544 2007-01-09] (Symantec Corporation)
R1 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [87424 2007-09-07] (Symantec Corporation) [File not signed]
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [49024 2007-08-06] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [39808 2007-09-07] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [161920 2010-06-02] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100921.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100921.003\NAVEX15.SYS [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 vsdatant; a [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-27 08:37 - 2014-06-27 08:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-27 08:36 - 2014-06-27 08:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-27 08:36 - 2014-06-27 08:36 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-27 08:36 - 2014-06-27 08:36 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-27 08:36 - 2014-06-27 08:36 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-27 08:36 - 2014-06-27 08:36 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-26 18:52 - 2014-06-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\RealNetworks
2014-06-26 17:32 - 2014-06-26 17:32 - 00001075 _____ () C:\Users\Public\Desktop\RealPlayer.lnk
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\Program Files\RealNetworks
2014-06-26 17:31 - 2014-06-26 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-06-26 17:31 - 2014-06-26 17:31 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5016.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5032.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-06-26 17:29 - 2014-06-26 18:52 - 00000000 ____D () C:\ProgramData\Real
2014-06-26 17:27 - 2014-06-26 17:27 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-26 17:26 - 2014-06-26 17:24 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-26 17:25 - 2014-06-26 17:24 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-26 17:25 - 2014-06-26 17:24 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-26 14:52 - 2014-06-27 08:56 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-26 14:52 - 2014-06-26 15:51 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-26 14:52 - 2014-06-26 15:50 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-26 14:52 - 2014-06-26 14:55 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-26 14:52 - 2014-06-26 14:52 - 00001976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-26 14:52 - 2014-06-26 14:52 - 00001964 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-26 14:52 - 2014-06-26 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-26 14:52 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-06-26 14:43 - 2014-06-26 14:43 - 00001790 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-06-26 14:43 - 2014-06-26 14:43 - 00001760 _____ () C:\Users\Admin\Desktop\Update Checker.lnk
2014-06-26 14:43 - 2014-06-26 14:43 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-06-26 14:41 - 2014-06-26 14:41 - 00000856 _____ () C:\Users\Admin\Desktop\psi.exe - Shortcut.lnk
2014-06-26 14:27 - 2014-06-26 14:28 - 00000411 _____ () C:\Windows\SecuniaPackage.log
2014-06-26 14:13 - 2014-06-26 14:13 - 00000868 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-26 14:13 - 2014-06-26 14:13 - 00000000 ____D () C:\Program Files\Secunia
2014-06-24 12:03 - 2014-06-27 08:58 - 00000000 ____D () C:\FRST
2014-06-24 12:02 - 2014-06-27 08:56 - 00000000 ____D () C:\Users\Admin\Desktop\FRST
2014-06-24 09:04 - 2014-06-24 09:07 - 00000000 ____D () C:\Program Files\Linkey
2014-06-24 09:04 - 2014-06-24 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Settings Manager
2014-06-24 09:03 - 2014-06-24 09:03 - 02077392 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1.exe
2014-06-24 07:15 - 2014-06-26 15:49 - 00002846 _____ () C:\Windows\PFRO.log
2014-06-24 07:15 - 2014-06-24 07:16 - 00143848 _____ () C:\Windows\Minidump\Mini062414-01.dmp
2014-06-24 07:15 - 2014-06-24 07:15 - 167555679 _____ () C:\Windows\MEMORY.DMP
2014-06-24 07:13 - 2014-06-24 07:14 - 00000000 ____D () C:\Program Files\GUME0CD.tmp
2014-06-24 07:13 - 2014-06-24 07:13 - 06010880 _____ () C:\Program Files\GUTE0CE.tmp
2014-06-24 07:13 - 2014-06-24 07:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2014-06-24 06:39 - 2014-06-24 06:39 - 00000000 ____D () C:\Program Files\GUMD92E.tmp
2014-06-22 16:02 - 2014-06-27 08:37 - 00008650 _____ () C:\Windows\IE9_main.log
2014-06-22 13:35 - 2014-06-27 08:49 - 00231222 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 13:17 - 2014-06-26 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-22 13:17 - 2014-06-26 17:09 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-22 13:17 - 2014-06-26 17:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-22 13:16 - 2014-06-22 13:16 - 00000000 ____D () C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1636641
2014-06-22 09:42 - 2014-06-22 13:12 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-06-22 09:42 - 2014-06-22 09:55 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job
2014-06-22 08:44 - 2014-06-24 11:36 - 00000000 ____D () C:\Users\Admin\Downloads\MS
2014-06-21 18:53 - 2014-06-21 18:53 - 00000000 ____D () C:\Users\Admin\Desktop\ProcessExplorer
2014-06-21 10:20 - 2012-08-09 10:48 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2014-06-21 10:20 - 2012-08-09 10:47 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2014-06-21 10:20 - 2012-08-09 10:47 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2014-06-21 10:20 - 2012-08-09 09:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2014-06-20 17:33 - 2014-06-20 17:33 - 00000846 _____ () C:\Users\Admin\Desktop\Free Window Registry Repair.lnk
2014-06-20 17:33 - 2014-06-20 17:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2014-06-20 17:15 - 2014-06-20 17:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\rightbackup
2014-06-20 16:18 - 2014-06-20 16:18 - 04814728 _____ (Support.com ) C:\Users\Admin\Downloads\ARO2014.exe
2014-06-19 19:39 - 2014-06-19 19:39 - 00000000 ____D () C:\ProgramData\2308189059
2014-06-19 19:31 - 2014-06-19 19:31 - 00000140 _____ () C:\Windows\system32\sper.dll
2014-06-19 19:30 - 2014-06-19 19:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedUpPC
2014-06-19 19:16 - 2014-06-19 19:49 - 00000000 ____D () C:\ProgramData\TuneUp360
2014-06-19 19:16 - 2014-06-19 19:16 - 00062476 _____ () C:\Users\Admin\AppData\Roaming\userenv.xml
2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\spotmau
2014-06-19 18:40 - 2014-06-19 18:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedMaxPc
2014-06-19 18:39 - 2014-06-20 18:39 - 00000398 _____ () C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job
2014-06-19 18:39 - 2014-06-19 19:14 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-18 19:19 - 2014-06-18 19:19 - 00000000 ____D () C:\Users\Admin\Documents\PC Speed Maximizer
2014-06-18 19:14 - 2014-06-23 16:16 - 00000000 ____D () C:\Program Files\pcmax
2014-06-18 19:10 - 2014-06-18 19:13 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SupTab
2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Program Files\SupTab
2014-06-18 18:53 - 2014-06-19 17:07 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-06-18 17:19 - 2014-06-18 17:19 - 00000687 _____ () C:\awhBAF5.tmp
2014-06-18 17:06 - 2014-06-18 17:06 - 00000687 _____ () C:\awh3590.tmp
2014-06-18 16:28 - 2014-06-18 16:28 - 00000000 ____D () C:\ProgramData\Uniblue
2014-06-17 18:44 - 2014-06-24 13:56 - 00000000 ____D () C:\temp
2014-06-17 18:44 - 2014-06-17 18:45 - 00000000 ____D () C:\Program Files\rrsavings
2014-06-17 18:42 - 2014-06-17 18:44 - 00000000 ____D () C:\Program Files\002
2014-06-15 02:46 - 2014-06-15 02:46 - 00108544 _____ () C:\Windows\system32\installd.exe
2014-06-11 07:25 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 07:25 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 07:25 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 07:25 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-04 18:36 - 2014-06-04 18:36 - 00000000 ____D () C:\Users\Admin\Documents\Blitz Media Player
2014-06-04 17:44 - 2014-06-05 15:40 - 00000000 ____D () C:\ProgramData\Fighters

==================== One Month Modified Files and Folders =======

2014-06-27 08:58 - 2014-06-24 12:03 - 00000000 ____D () C:\FRST
2014-06-27 08:56 - 2014-06-26 14:52 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-27 08:56 - 2014-06-24 12:02 - 00000000 ____D () C:\Users\Admin\Desktop\FRST
2014-06-27 08:51 - 2013-10-12 08:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-27 08:49 - 2014-06-22 13:35 - 00231222 _____ () C:\Windows\WindowsUpdate.log
2014-06-27 08:48 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-27 08:47 - 2006-11-02 08:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-27 08:47 - 2006-11-02 08:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-27 08:46 - 2010-09-24 20:11 - 00388820 _____ () C:\aaw7boot.log
2014-06-27 08:45 - 2006-11-02 08:58 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-27 08:41 - 2006-11-02 07:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-06-27 08:37 - 2014-06-27 08:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-27 08:37 - 2014-06-22 16:02 - 00008650 _____ () C:\Windows\IE9_main.log
2014-06-27 08:37 - 2006-11-02 02:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2014-06-27 08:37 - 2006-11-02 02:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2014-06-27 08:36 - 2014-06-27 08:36 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-27 08:36 - 2014-06-27 08:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-27 08:36 - 2014-06-27 08:36 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-27 08:36 - 2014-06-27 08:36 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-27 08:36 - 2014-06-27 08:36 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-27 08:36 - 2014-06-27 08:36 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-27 07:18 - 2013-07-19 13:16 - 00000264 _____ () C:\Windows\Tasks\TopArcadeHits.job
2014-06-26 21:15 - 2010-10-23 07:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-26 21:08 - 2011-12-09 18:07 - 00591360 _____ () C:\Users\Admin\Documents\DomResStock.xls
2014-06-26 20:31 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-06-26 18:52 - 2014-06-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\RealNetworks
2014-06-26 18:52 - 2014-06-26 17:29 - 00000000 ____D () C:\ProgramData\Real
2014-06-26 17:32 - 2014-06-26 17:32 - 00001075 _____ () C:\Users\Public\Desktop\RealPlayer.lnk
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\Program Files\RealNetworks
2014-06-26 17:32 - 2014-06-26 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-06-26 17:32 - 2009-10-05 16:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Real
2014-06-26 17:31 - 2014-06-26 17:31 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5016.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5032.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-06-26 17:31 - 2007-02-09 11:18 - 00272896 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
2014-06-26 17:31 - 2007-02-09 11:18 - 00000000 ____D () C:\Program Files\Common Files\Real
2014-06-26 17:31 - 2007-02-09 11:17 - 00000000 ____D () C:\Program Files\Real
2014-06-26 17:27 - 2014-06-26 17:27 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-26 17:26 - 2013-11-10 11:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-26 17:24 - 2014-06-26 17:26 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-26 17:24 - 2014-06-26 17:25 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-26 17:24 - 2014-06-26 17:25 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-26 17:24 - 2014-04-22 07:41 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-26 17:24 - 2013-03-10 14:24 - 00000000 ____D () C:\Program Files\Java
2014-06-26 17:10 - 2014-06-22 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 17:09 - 2014-06-22 13:17 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 17:09 - 2014-06-22 13:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-26 15:51 - 2014-06-26 14:52 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-26 15:50 - 2014-06-26 14:52 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-26 15:49 - 2014-06-24 07:15 - 00002846 _____ () C:\Windows\PFRO.log
2014-06-26 14:55 - 2014-06-26 14:52 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-26 14:52 - 2014-06-26 14:52 - 00001976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-26 14:52 - 2014-06-26 14:52 - 00001964 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-26 14:52 - 2014-06-26 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-26 14:51 - 2010-10-23 07:17 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-06-26 14:43 - 2014-06-26 14:43 - 00001790 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-06-26 14:43 - 2014-06-26 14:43 - 00001760 _____ () C:\Users\Admin\Desktop\Update Checker.lnk
2014-06-26 14:43 - 2014-06-26 14:43 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-06-26 14:41 - 2014-06-26 14:41 - 00000856 _____ () C:\Users\Admin\Desktop\psi.exe - Shortcut.lnk
2014-06-26 14:39 - 2007-02-09 11:39 - 00000000 ____D () C:\Program Files\Yahoo!
2014-06-26 14:28 - 2014-06-26 14:27 - 00000411 _____ () C:\Windows\SecuniaPackage.log
2014-06-26 14:28 - 2013-10-12 08:08 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-26 14:28 - 2013-10-12 08:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-26 14:13 - 2014-06-26 14:13 - 00000868 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-26 14:13 - 2014-06-26 14:13 - 00000000 ____D () C:\Program Files\Secunia
2014-06-24 13:56 - 2014-06-17 18:44 - 00000000 ____D () C:\temp
2014-06-24 11:36 - 2014-06-22 08:44 - 00000000 ____D () C:\Users\Admin\Downloads\MS
2014-06-24 09:07 - 2014-06-24 09:04 - 00000000 ____D () C:\Program Files\Linkey
2014-06-24 09:04 - 2014-06-24 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Settings Manager
2014-06-24 09:03 - 2014-06-24 09:03 - 02077392 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1.exe
2014-06-24 08:36 - 2010-09-06 08:24 - 00000000 ____D () C:\Program Files\Google
2014-06-24 07:16 - 2014-06-24 07:15 - 00143848 _____ () C:\Windows\Minidump\Mini062414-01.dmp
2014-06-24 07:15 - 2014-06-24 07:15 - 167555679 _____ () C:\Windows\MEMORY.DMP
2014-06-24 07:15 - 2008-12-19 16:49 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 07:14 - 2014-06-24 07:13 - 00000000 ____D () C:\Program Files\GUME0CD.tmp
2014-06-24 07:13 - 2014-06-24 07:13 - 06010880 _____ () C:\Program Files\GUTE0CE.tmp
2014-06-24 07:13 - 2014-06-24 07:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2014-06-24 06:39 - 2014-06-24 06:39 - 00000000 ____D () C:\Program Files\GUMD92E.tmp
2014-06-24 06:39 - 2010-09-06 12:31 - 00000000 ____D () C:\ProgramData\Google
2014-06-23 16:18 - 2013-08-23 04:48 - 00000940 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2014-06-23 16:17 - 2014-03-16 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HpUpdate
2014-06-23 16:16 - 2014-06-18 19:14 - 00000000 ____D () C:\Program Files\pcmax
2014-06-22 16:14 - 2007-02-09 10:48 - 00000000 ____D () C:\Windows\Panther
2014-06-22 13:16 - 2014-06-22 13:16 - 00000000 ____D () C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1636641
2014-06-22 13:12 - 2014-06-22 09:42 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-06-22 09:55 - 2014-06-22 09:42 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job
2014-06-22 09:43 - 2013-07-19 12:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ParetoLogic
2014-06-21 18:53 - 2014-06-21 18:53 - 00000000 ____D () C:\Users\Admin\Desktop\ProcessExplorer
2014-06-20 18:39 - 2014-06-19 18:39 - 00000398 _____ () C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job
2014-06-20 18:11 - 2013-07-19 13:21 - 00000000 ____D () C:\Program Files\Free Window Registry Repair
2014-06-20 17:33 - 2014-06-20 17:33 - 00000846 _____ () C:\Users\Admin\Desktop\Free Window Registry Repair.lnk
2014-06-20 17:33 - 2014-06-20 17:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2014-06-20 17:33 - 2013-07-19 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2014-06-20 17:25 - 2013-07-21 10:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Systweak
2014-06-20 17:15 - 2014-06-20 17:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\rightbackup
2014-06-20 16:18 - 2014-06-20 16:18 - 04814728 _____ (Support.com ) C:\Users\Admin\Downloads\ARO2014.exe
2014-06-19 19:49 - 2014-06-19 19:16 - 00000000 ____D () C:\ProgramData\TuneUp360
2014-06-19 19:49 - 2014-02-02 11:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 19:39 - 2014-06-19 19:39 - 00000000 ____D () C:\ProgramData\2308189059
2014-06-19 19:34 - 2013-07-18 20:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-19 19:31 - 2014-06-19 19:31 - 00000140 _____ () C:\Windows\system32\sper.dll
2014-06-19 19:30 - 2014-06-19 19:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedUpPC
2014-06-19 19:16 - 2014-06-19 19:16 - 00062476 _____ () C:\Users\Admin\AppData\Roaming\userenv.xml
2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\spotmau
2014-06-19 19:15 - 2013-02-17 13:45 - 00000000 ____D () C:\Users\Admin\Desktop\JT
2014-06-19 19:15 - 2013-01-06 15:37 - 00000000 ____D () C:\Users\Admin\Desktop\Dani
2014-06-19 19:14 - 2014-06-19 18:39 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
2014-06-19 18:40 - 2014-06-19 18:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedMaxPc
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-19 17:48 - 2014-02-17 16:36 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-19 17:07 - 2014-06-18 18:53 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-06-18 19:19 - 2014-06-18 19:19 - 00000000 ____D () C:\Users\Admin\Documents\PC Speed Maximizer
2014-06-18 19:13 - 2014-06-18 19:10 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SupTab
2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Program Files\SupTab
2014-06-18 17:19 - 2014-06-18 17:19 - 00000687 _____ () C:\awhBAF5.tmp
2014-06-18 17:06 - 2014-06-18 17:06 - 00000687 _____ () C:\awh3590.tmp
2014-06-18 16:28 - 2014-06-18 16:28 - 00000000 ____D () C:\ProgramData\Uniblue
2014-06-17 21:02 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-17 18:45 - 2014-06-17 18:44 - 00000000 ____D () C:\Program Files\rrsavings
2014-06-17 18:44 - 2014-06-17 18:42 - 00000000 ____D () C:\Program Files\002
2014-06-16 08:05 - 2013-04-04 19:04 - 00000000 ____D () C:\Users\Admin\Desktop\lwt
2014-06-15 02:46 - 2014-06-15 02:46 - 00108544 _____ () C:\Windows\system32\installd.exe
2014-06-11 08:07 - 2013-07-11 18:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 07:29 - 2006-11-02 06:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-05 15:40 - 2014-06-04 17:44 - 00000000 ____D () C:\ProgramData\Fighters
2014-06-04 18:36 - 2014-06-04 18:36 - 00000000 ____D () C:\Users\Admin\Documents\Blitz Media Player

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-27 08:53

==================== End Of Log ============================

 

 

**** My latest addition.txt, generated 6/27 ****

Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Admin at 2014-06-27 09:10:23
Running from C:\Users\Admin\Desktop\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DefaultTab (HKLM\...\DefaultTab) (Version: 2.2.8.0 - Search Results, LLC) <==== ATTENTION
DVD Play (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 2.4.4818 - Hewlett-Packard)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Free Window Registry Repair (HKLM\...\Free Window Registry Repair) (Version:  - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4323.13 - PC-Doctor, Inc.)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP On-Screen Caps/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IHA_MessageCenter (HKLM\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Isle Wars Pro 2.0 (HKLM\...\Isle Wars Pro Game_is1) (Version:  - Soleau Software, Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (Version: 2.8.05.13 - Oracle, Inc.) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 6.5.0.17883 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 7.1.12.21827 - Juniper Networks)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe  1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
LiveUpdate (Symantec Corporation) (HKLM\...\PsuedoLiveUpdate) (Version: 3.5.0.64 - Symantec Corporation)
LiveUpdate (Symantec Corporation) (Version: 3.5.0.64 - Symantec Corporation) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1601 - WildTangent)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PyScripter 2.5.3 (HKLM\...\PyScripter_is1) (Version: 2.5.3 - PyScripter)
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
Python 2.7 xlrd-0.7.9 (HKCU\...\xlrd-py2.7) (Version:  - )
Python 2.7.3 (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Redist (HKLM\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}) (Version: 9.0.095 - Roxio, Inc.)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
soapUI 4.5.1 4.5.1 (HKLM\...\5517-2803-0637-4585) (Version: 4.5.1 - SmartBear Software)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
TopArcadeHits (HKCU\...\{C1C3E833-420E-4D78-9BA7-86AEBB272384}) (Version:  - TopArcadeHits)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Verizon Activation (HKLM\...\{92125850-CE9E-405F-8DC7-774DC36AE76C}_is1) (Version:  - Verizon)
Verizon Media Manager (HKLM\...\Verizon Media Manager) (Version: 9.4.94 - Verizon)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.59.0 - Verizon)
Webroot Software (HKLM\...\Webroot Software) (Version: 7.0.4.102 - Webroot Software, Inc.)
Webroot Software (Version: 7.0.4.102 - Webroot Software, Inc.) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

17-06-2014 19:34:15 Windows Update
17-06-2014 22:45:21 Removed Driver Support.
18-06-2014 00:59:02 Removed Driver Support.
18-06-2014 23:29:18 Removed Muvic Smartbar
20-06-2014 17:35:55 ARO 2013 - Before Installation
20-06-2014 17:37:48 ARO 2014 - FIRST RUN
20-06-2014 17:49:24 ARO 2014 Fri, Jun 20, 14  13:49
20-06-2014 20:19:40 ARO 2013 - Before Installation
20-06-2014 20:21:09 ARO 2014 - FIRST RUN
20-06-2014 20:24:03 ARO 2014 Fri, Jun 20, 14  16:24
20-06-2014 20:38:47 Windows Update
20-06-2014 21:02:48 ARO 2014 Fri, Jun 20, 14  17:02
21-06-2014 13:56:18 ARO 2013 - Before Installation
21-06-2014 13:58:28 ARO 2014 - FIRST RUN
21-06-2014 14:00:38 ARO 2014 Sat, Jun 21, 14  10:00
21-06-2014 14:19:49 Windows Update
21-06-2014 21:35:50 Installed Microsoft Fix it 50778
21-06-2014 21:37:24 Installed Microsoft Fix it 50778
22-06-2014 12:24:32 Windows Modules Installer
22-06-2014 12:44:24 Installed Microsoft Fix it 50778
22-06-2014 20:02:06 Windows Update
22-06-2014 20:47:41 Windows Modules Installer
24-06-2014 13:11:54 Windows Modules Installer
26-06-2014 21:23:38 Installed Java 8 Update 5
26-06-2014 22:53:43 Installed Microsoft Fix it 50778
27-06-2014 12:32:03 Windows Update

==================== Hosts content: ==========================

2006-11-02 06:23 - 2014-06-27 06:51 - 00450689 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0AD77258-0181-438C-8EAF-F1F2120B8CE4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1952994113-3900846881-1584432544-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {419A1959-ECBB-456B-B9E7-9E572AB954FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-26] (Adobe Systems Incorporated)
Task: {4569EA79-DA81-49A2-8E49-08F86E7EB0AD} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {49971736-AF2D-4F50-ABD8-6EBE4A2B8842} - System32\Tasks\At1 => c:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {647DCC63-D0B8-400B-823E-C20E0E6B8ABE} - System32\Tasks\TopArcadeHits => C:\Users\Admin\AppData\Local\TopArcadeHits\updater.exe [2014-01-20] ()
Task: {6A7583FE-6092-43DC-BB72-DFA04BE72201} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {71D55C2E-D780-4F6B-8364-C2E63586816E} - \LyricsSing Update No Task File <==== ATTENTION
Task: {8A07DF50-099A-4701-84E6-8788ABED83C4} - System32\Tasks\SpeedMaxPc Update3_triggeronce => c:\program files\common files\speedmaxpc\uus3\Update3.exe
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {98AAE6F2-C750-478F-9ACD-8FF5564938E5} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {9F3D9720-21B6-4A77-941C-F6C21CA2E7DA} - System32\Tasks\Microsoft\Windows\RestartManager\{15BEA94A-320A-4d42-9B61-5FB967A9FBE8} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {A33B05AB-A061-4150-ABC7-3B4C67861DA7} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A5F722A4-051D-4F02-8A5A-9B37BC9433B2} - System32\Tasks\InstallShield Software online update program => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-02-16] (InstallShield Software Corporation)
Task: {B1C244A8-7111-405C-BFAB-4C942ED599C5} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {B2AAF0DA-B128-4D4E-B92E-C6F5E6836D98} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1952994113-3900846881-1584432544-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BA578625-966E-4721-8A97-FA8A1A57EBB8} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {BB0CAA25-07DF-4F8A-BA56-428C304C0F31} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {BC7C7166-75F9-45D4-912A-0E9E2B1CC63A} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {BDD38020-19C2-4B76-B619-0E3EFD5C2150} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {C6E24925-7FC2-4F63-9F40-2F5FA9675D2D} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-03-18] (Oracle Corporation)
Task: {C82E09C3-63EF-4908-BD2A-D280308FEE37} - System32\Tasks\SpeedUpPC_LogOn => C:\Program Files\SpeedUpPC Pro\SpeedUpPC
Task: {DB06B8CE-0624-4A2E-9DC5-EF32669DAB2A} - System32\Tasks\Real Player online update program => C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Task: {DF492869-C848-4132-8B27-D1D19D2674E1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {EC5F1A1F-1AD2-4B1A-B195-70ABC57350BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {F5B4A899-DDD3-4574-B8EC-0C5405866F4F} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job => c:\program files\common files\speedmaxpc\uus3\Update3.exe
Task: C:\Windows\Tasks\TopArcadeHits.job => C:\Users\Admin\AppData\Local\TopArcadeHits\updater.exe

==================== Loaded Modules (whitelisted) =============

2014-05-29 07:16 - 2014-05-29 07:16 - 00241344 _____ () C:\Program Files\pcmax\pcmax.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-26 14:52 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-26 14:52 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-26 14:52 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-26 14:52 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-26 14:52 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-06-17 18:44 - 2014-06-17 18:44 - 00541696 _____ () C:\Program Files\002\yewimmxqbs32.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:B63300D1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: pcreg => C:\Program Files\pcmax\service.exe
MSCONFIG\startupreg: SafePCRepair Search Scope Monitor => "C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Windows Defender => C:\Program Files\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2014 09:22:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0x12a8, application start time 0xiexplore.exe0.

Error: (06/27/2014 08:54:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0x808, application start time 0xiexplore.exe0.

Error: (06/27/2014 08:54:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16555, time stamp 0x53860f63, faulting module SpAPPSv32.dll, version 1.0.3.265, time stamp 0x536854bd, exception code 0xc0000005, fault offset 0x0000fa00,
process id 0xd28, application start time 0xiexplore.exe0.

Error: (06/27/2014 08:44:25 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler IEPH.RSSHandler cannot be loaded. Error description: Class not registered
.

Error: (06/27/2014 08:44:24 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler IEPH.HistoryHandler cannot be loaded. Error description: Class not registered
.

Error: (06/27/2014 08:21:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 30.0.0.5269 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 404
Start Time: 01cf92000fc6aef9
Termination Time: 4071

Error: (06/27/2014 08:06:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMIN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0O0QERUE.DEFAULT\CACHE2\DOOMED> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (06/27/2014 08:06:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMIN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0O0QERUE.DEFAULT\CACHE2\ENTRIES> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (06/26/2014 07:45:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/26/2014 07:45:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (06/27/2014 08:58:18 AM) (Source: RasMan) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.

Error: (06/27/2014 08:58:18 AM) (Source: RemoteAccess) (EventID: 20151) (User: )
Description: The Control Protocol EAP in the Point to Point Protocol module C:\Windows\System32\rasppp.dll returned an error while initializing. The specified module could not be found.

Error: (06/27/2014 08:58:18 AM) (Source: RemoteAccess) (EventID: 20070) (User: )
Description: Point to Point Protocol engine was unable to load the C:\Program Files\Symantec\Symantec Endpoint Protection\SymRasMan.dll module. The specified module could not be found.

Error: (06/27/2014 08:58:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (06/27/2014 08:58:17 AM) (Source: RasMan) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.

Error: (06/27/2014 08:58:17 AM) (Source: RemoteAccess) (EventID: 20151) (User: )
Description: The Control Protocol EAP in the Point to Point Protocol module C:\Windows\System32\rasppp.dll returned an error while initializing. The specified module could not be found.

Error: (06/27/2014 08:58:17 AM) (Source: RemoteAccess) (EventID: 20070) (User: )
Description: Point to Point Protocol engine was unable to load the C:\Program Files\Symantec\Symantec Endpoint Protection\SymRasMan.dll module. The specified module could not be found.

Error: (06/27/2014 08:58:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (06/27/2014 08:58:15 AM) (Source: RasMan) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.

Error: (06/27/2014 08:58:15 AM) (Source: RemoteAccess) (EventID: 20151) (User: )
Description: The Control Protocol EAP in the Point to Point Protocol module C:\Windows\System32\rasppp.dll returned an error while initializing. The specified module could not be found.


Microsoft Office Sessions:
=========================
Error: (06/27/2014 09:22:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa0012a801cf920ad584b2d5

Error: (06/27/2014 08:54:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa0080801cf9206c45ac3e5

Error: (06/27/2014 08:54:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1655553860f63SpAPPSv32.dll1.0.3.265536854bdc00000050000fa00d2801cf9206ddbe9505

Error: (06/27/2014 08:44:25 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: IEPH.RSSHandlerClass not registered

Error: (06/27/2014 08:44:24 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: IEPH.HistoryHandlerClass not registered

Error: (06/27/2014 08:21:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe30.0.0.526940401cf92000fc6aef94071

Error: (06/27/2014 08:06:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\ADMIN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0O0QERUE.DEFAULT\CACHE2\DOOMED

Error: (06/27/2014 08:06:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\ADMIN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0O0QERUE.DEFAULT\CACHE2\ENTRIES

Error: (06/26/2014 07:45:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (06/26/2014 07:45:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe


CodeIntegrity Errors:
===================================
  Date: 2014-06-27 08:47:25.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-27 06:32:28.035
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-26 19:42:05.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-26 19:00:52.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-26 15:58:09.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-26 15:49:32.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-26 13:56:28.082
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-25 16:15:50.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-24 11:19:46.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-24 09:18:29.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 82%
Total physical RAM: 1014.64 MB
Available physical RAM: 178.27 MB
Total Pagefile: 2293.6 MB
Available Pagefile: 676.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.07 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:141.96 GB) (Free:89.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:7.09 GB) (Free:0.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP OJ8600) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#4
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi lwt_intl,

Thank you for going through the trouble of providing fresh logs! :) Your computer seems to be heavily infected with a lot of nasty things. We'll remove as much as we can at this phase.
  • Step 1

    Certain programs can hinder the cleaning process. As such, I ask that you remove the below program(s) to ensure no such conflict arises:
    • Spybot - Search & Destroy 2
    While disabling is an option, for a more hassle-free solution, I recommend uninstalling the above program(s) through Control Panel > Add or Remove Programs (Windows XP) or Control Panel > Programs and Features > Uninstall a Program (Windows Vista & Windows 7).

    You may re-install the program(s) later once I have declared you clean.
  • Step 2

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    () C:\Program Files\002\yewimmxqbs32.exe
    () C:\Program Files\pcmax\pcmax.exe
    (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
    (COMPANYVERS_NAME) C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe
    C:\PROGRA~1\SAFEPC~2
    C:\Program Files\pcmax
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\ProgramData\TEMP:B63300D1
    2014-06-17 18:44 - 2014-06-17 18:44 - 00541696 _____ () C:\Program Files\002\yewimmxqbs32.exe
    2014-05-29 07:16 - 2014-05-29 07:16 - 00241344 _____ () C:\Program Files\pcmax\pcmax.exe
    Task: C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job => c:\program files\common files\speedmaxpc\uus3\Update3.exe
    Task: C:\Windows\Tasks\TopArcadeHits.job => C:\Users\Admin\AppData\Local\TopArcadeHits\updater.exe
    Task: C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe
    Task: {C82E09C3-63EF-4908-BD2A-D280308FEE37} - System32\Tasks\SpeedUpPC_LogOn => C:\Program Files\SpeedUpPC Pro\SpeedUpPC
    Task: {98AAE6F2-C750-478F-9ACD-8FF5564938E5} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe
    Task: {71D55C2E-D780-4F6B-8364-C2E63586816E} - \LyricsSing Update No Task File <==== ATTENTION
    Task: {8A07DF50-099A-4701-84E6-8788ABED83C4} - System32\Tasks\SpeedMaxPc Update3_triggeronce => c:\program files\common files\speedmaxpc\uus3\Update3.exe
    Task: {647DCC63-D0B8-400B-823E-C20E0E6B8ABE} - System32\Tasks\TopArcadeHits => C:\Users\Admin\AppData\Local\TopArcadeHits\updater.exe [2014-01-20] ()
    Task: {49971736-AF2D-4F50-ABD8-6EBE4A2B8842} - System32\Tasks\At1 => c:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
    2014-06-05 15:40 - 2014-06-04 17:44 - 00000000 ____D () C:\ProgramData\Fighters
    2014-06-04 18:36 - 2014-06-04 18:36 - 00000000 ____D () C:\Users\Admin\Documents\Blitz Media Player
    2014-06-15 02:46 - 2014-06-15 02:46 - 00108544 _____ () C:\Windows\system32\installd.exe
    2014-06-17 18:45 - 2014-06-17 18:44 - 00000000 ____D () C:\Program Files\rrsavings
    2014-06-17 18:44 - 2014-06-17 18:42 - 00000000 ____D () C:\Program Files\002
    2014-06-19 17:07 - 2014-06-18 18:53 - 00000000 ____D () C:\ProgramData\BoostSoftware
    2014-06-18 19:19 - 2014-06-18 19:19 - 00000000 ____D () C:\Users\Admin\Documents\PC Speed Maximizer
    2014-06-18 19:13 - 2014-06-18 19:10 - 00000000 ____D () C:\ProgramData\IePluginServices
    2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SupTab
    2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Program Files\SupTab
    2014-06-18 17:19 - 2014-06-18 17:19 - 00000687 _____ () C:\awhBAF5.tmp
    2014-06-18 17:06 - 2014-06-18 17:06 - 00000687 _____ () C:\awh3590.tmp
    2014-06-18 16:28 - 2014-06-18 16:28 - 00000000 ____D () C:\ProgramData\Uniblue
    2014-06-19 19:14 - 2014-06-19 18:39 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
    2014-06-19 18:40 - 2014-06-19 18:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedMaxPc
    2014-06-19 19:31 - 2014-06-19 19:31 - 00000140 _____ () C:\Windows\system32\sper.dll
    2014-06-19 19:30 - 2014-06-19 19:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedUpPC
    2014-06-19 19:16 - 2014-06-19 19:16 - 00062476 _____ () C:\Users\Admin\AppData\Roaming\userenv.xml
    2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\spotmau
    2014-06-19 19:39 - 2014-06-19 19:39 - 00000000 ____D () C:\ProgramData\2308189059
    2014-06-20 18:39 - 2014-06-19 18:39 - 00000398 _____ () C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job
    2014-06-20 18:11 - 2013-07-19 13:21 - 00000000 ____D () C:\Program Files\Free Window Registry Repair
    2014-06-20 17:33 - 2014-06-20 17:33 - 00000846 _____ () C:\Users\Admin\Desktop\Free Window Registry Repair.lnk
    2014-06-20 17:33 - 2014-06-20 17:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
    2014-06-20 17:33 - 2013-07-19 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
    2014-06-20 17:25 - 2013-07-21 10:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Systweak
    2014-06-20 17:15 - 2014-06-20 17:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\rightbackup
    2014-06-20 16:18 - 2014-06-20 16:18 - 04814728 _____ (Support.com ) C:\Users\Admin\Downloads\ARO2014.exe
    2014-06-19 19:49 - 2014-06-19 19:16 - 00000000 ____D () C:\ProgramData\TuneUp360
    2014-06-22 13:16 - 2014-06-22 13:16 - 00000000 ____D () C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1636641
    2014-06-22 13:12 - 2014-06-22 09:42 - 00000000 ____D () C:\ProgramData\ParetoLogic
    2014-06-22 09:55 - 2014-06-22 09:42 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job
    2014-06-22 09:43 - 2013-07-19 12:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ParetoLogic
    2014-06-23 16:16 - 2014-06-18 19:14 - 00000000 ____D () C:\Program Files\pcmax
    2014-06-24 06:39 - 2014-06-24 06:39 - 00000000 ____D () C:\Program Files\GUMD92E.tmp
    2014-06-24 07:14 - 2014-06-24 07:13 - 00000000 ____D () C:\Program Files\GUME0CD.tmp
    2014-06-24 07:13 - 2014-06-24 07:13 - 06010880 _____ () C:\Program Files\GUTE0CE.tmp
    2014-06-24 09:07 - 2014-06-24 09:04 - 00000000 ____D () C:\Program Files\Linkey
    2014-06-24 09:04 - 2014-06-24 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Settings Manager
    2014-06-27 08:37 - 2006-11-02 02:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat
    2014-06-27 08:37 - 2006-11-02 02:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat
    R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-06-17] () [File not signed]
    R2 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [42504 2013-07-19] (COMPANYVERS_NAME)
    R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
    S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
    R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
    S2 DefaultTabUpdate; C:\Users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-19] () [File not signed]
    FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\searchplugins\default-search.xml
    FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\searchplugins\Web Search.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\v9.xml
    FF Extension: TopArcadeHits - C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-07-19]
    FF Extension: Quick Start - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\Extensions\[email protected] [2014-06-18]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\extensions\[email protected]
    FF Extension: Quick Start - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\extensions\[email protected] [2014-06-18]
    FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
    FF DefaultSearchEngine: v9
    FF SearchEngineOrder.1: default-search.net
    FF SelectedSearchEngine: v9
    FF Homepage: hxxp://www.v9.com/?type=hppp&ts=1403812266&from=vtt&uid=ST3160812AS_5LSBR93GXXXX5LSBR93G&i=psd&t=344bcc0a7
    FF Keyword.URL: hxxp://www.default-search.net/search?sid=492&aid=227&itype=a&ver=12791&tm=388&src=ds&p=
    Toolbar: HKLM - SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} -  No File
    Toolbar: HKCU - SafePCRepair - {A9D9EA68-5D09-43EF-A0C5-6F6A6F82A0E1} -  No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
    BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
    BHO: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} -  No File
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...codeID}&um={UM}
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask...r={searchTerms}
    SearchScopes: HKCU - {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
    SearchScopes: HKCU - {B33F6A4E-9E23-419D-BA85-31F4D9B317DE} URL = http://feed.helperba...codeID}&um={UM}
    SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask...r={searchTerms}
    BHO: No Name - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -  No File
    HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
    BootExecute: autocheck autochk * lsdeletesdnclean.exe
    AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    • Run your copy of FRST. It is important to ensure it is located on your desktop.

    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.
  • Step 3

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)

  • 0
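One way to triage the fixlog.txt that Step 2 above produces, shown as an added example (not part of the original posts and not FRST's own code). It skips the echoed "Content of fixlist" block, buckets each result line by outcome, and treats a "not found" path as already handled when the same path was moved earlier in the run. The function names are hypothetical, and the sample lines are excerpted from the fixlog posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt in the format FRST writes to fixlog.txt (lines taken from this thread's log).
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
Task: C:\Windows\Tasks\TopArcadeHits.job => C:\Users\Admin\AppData\Local\TopArcadeHits\updater.exe
C:\Program Files\pcmax
*****************

[1604] C:\Program Files\pcmax\pcmax.exe => Process closed successfully.
"C:\Program Files\pcmax" directory move:
C:\Program Files\pcmax\a.exe => Moved successfully.
C:\Program Files\pcmax\pcmax.exe => Moved successfully.
Could not move "C:\Program Files\pcmax\service.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\pcmax" directory. => Scheduled to move on reboot.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\Program Files\002\yewimmxqbs32.exe => Moved successfully.
"C:\Program Files\pcmax\pcmax.exe" => File/Directory not found.
C:\Windows\Tasks\TopArcadeHits.job => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TopArcadeHits' => Key deleted successfully.
"""

RESULT = re.compile(r'^(?P<subject>.+?)\s+=>\s+(?P<outcome>.+)$')
PID_PREFIX = re.compile(r'^\[\d+\]\s+')
COULD_NOT = re.compile(r'^Could not move\s+')


def normalise(subject):
    """Reduce the left-hand side of a result line to a bare, lower-cased path or key."""
    s = PID_PREFIX.sub('', subject)            # "[1604] C:\..." -> "C:\..."
    s = COULD_NOT.sub('', s)                   # drop the "Could not move" prefix
    s = re.sub(r'\s+directory\.?$', '', s)     # drop the trailing "directory."
    # Windows paths and registry keys compare case-insensitively.
    return s.strip().strip('"\'').lower()


def triage(text):
    """Group fixlog result lines into done / pending_reboot / already_moved /
    not_found / review. Returns {status: [normalised subject, ...]}."""
    report = defaultdict(list)
    moved = set()
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        # Rows of asterisks delimit the echoed fixlist; its entries also
        # contain "=>" (Task:, AppInit_DLLs:) and must not count as results.
        if line and set(line) == {'*'}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        m = RESULT.match(line)
        if not m:
            continue                            # section headers, blank lines
        path = normalise(m['subject'])
        outcome = m['outcome']
        if 'Scheduled to move on reboot' in outcome:
            status = 'pending_reboot'           # re-check after the restart
        elif 'not found' in outcome:
            # Listed twice in the fixlist and moved by the earlier entry.
            status = 'already_moved' if path in moved else 'not_found'
        elif outcome.endswith('successfully.'):
            status = 'done'
            if outcome.startswith('Moved'):
                moved.add(path)
        else:
            status = 'review'                   # unrecognised outcome text
        report[status].append(path)
    return dict(report)


if __name__ == '__main__':
    for status, items in triage(SAMPLE_FIXLOG).items():
        print(f'{status}: {len(items)}')
        if status != 'done':
            for item in items:
                print(f'  {item}')
```

Anything left under `pending_reboot`, `not_found` or `review` is what to look for in the next scan after the restart.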

#5
lwt_intl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Thank you for all of your help. I look forward to learning more. Here is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by Admin at 2014-06-29 08:41:59 Run:1
Running from C:\Users\Admin\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
() C:\Program Files\002\yewimmxqbs32.exe
() C:\Program Files\pcmax\pcmax.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(COMPANYVERS_NAME) C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe
C:\PROGRA~1\SAFEPC~2
C:\Program Files\pcmax
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:B63300D1
2014-06-17 18:44 - 2014-06-17 18:44 - 00541696 _____ () C:\Program Files\002\yewimmxqbs32.exe
2014-05-29 07:16 - 2014-05-29 07:16 - 00241344 _____ () C:\Program Files\pcmax\pcmax.exe
Task: C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job => c:\program files\common files\speedmaxpc\uus3\Update3.exe
Task: C:\Windows\Tasks\TopArcadeHits.job => C:\Users\Admin\AppData\Local\TopArcadeHits\updater.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe
Task: {C82E09C3-63EF-4908-BD2A-D280308FEE37} - System32\Tasks\SpeedUpPC_LogOn => C:\Program Files\SpeedUpPC Pro\SpeedUpPC
Task: {98AAE6F2-C750-478F-9ACD-8FF5564938E5} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files\common files\paretologic\uus3\Pareto_Update3.exe
Task: {71D55C2E-D780-4F6B-8364-C2E63586816E} - \LyricsSing Update No Task File <==== ATTENTION
Task: {8A07DF50-099A-4701-84E6-8788ABED83C4} - System32\Tasks\SpeedMaxPc Update3_triggeronce => c:\program files\common files\speedmaxpc\uus3\Update3.exe
Task: {647DCC63-D0B8-400B-823E-C20E0E6B8ABE} - System32\Tasks\TopArcadeHits => C:\Users\Admin\AppData\Local\TopArcadeHits\updater.exe [2014-01-20] ()
Task: {49971736-AF2D-4F50-ABD8-6EBE4A2B8842} - System32\Tasks\At1 => c:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
2014-06-05 15:40 - 2014-06-04 17:44 - 00000000 ____D () C:\ProgramData\Fighters
2014-06-04 18:36 - 2014-06-04 18:36 - 00000000 ____D () C:\Users\Admin\Documents\Blitz Media Player
2014-06-15 02:46 - 2014-06-15 02:46 - 00108544 _____ () C:\Windows\system32\installd.exe
2014-06-17 18:45 - 2014-06-17 18:44 - 00000000 ____D () C:\Program Files\rrsavings
2014-06-17 18:44 - 2014-06-17 18:42 - 00000000 ____D () C:\Program Files\002
2014-06-19 17:07 - 2014-06-18 18:53 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-06-18 19:19 - 2014-06-18 19:19 - 00000000 ____D () C:\Users\Admin\Documents\PC Speed Maximizer
2014-06-18 19:13 - 2014-06-18 19:10 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SupTab
2014-06-18 19:10 - 2014-06-18 19:10 - 00000000 ____D () C:\Program Files\SupTab
2014-06-18 17:19 - 2014-06-18 17:19 - 00000687 _____ () C:\awhBAF5.tmp
2014-06-18 17:06 - 2014-06-18 17:06 - 00000687 _____ () C:\awh3590.tmp
2014-06-18 16:28 - 2014-06-18 16:28 - 00000000 ____D () C:\ProgramData\Uniblue
2014-06-19 19:14 - 2014-06-19 18:39 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
2014-06-19 18:40 - 2014-06-19 18:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedMaxPc
2014-06-19 19:31 - 2014-06-19 19:31 - 00000140 _____ () C:\Windows\system32\sper.dll
2014-06-19 19:30 - 2014-06-19 19:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SpeedUpPC
2014-06-19 19:16 - 2014-06-19 19:16 - 00062476 _____ () C:\Users\Admin\AppData\Roaming\userenv.xml
2014-06-19 19:16 - 2014-06-19 19:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\spotmau
2014-06-19 19:39 - 2014-06-19 19:39 - 00000000 ____D () C:\ProgramData\2308189059
2014-06-20 18:39 - 2014-06-19 18:39 - 00000398 _____ () C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job
2014-06-20 18:11 - 2013-07-19 13:21 - 00000000 ____D () C:\Program Files\Free Window Registry Repair
2014-06-20 17:33 - 2014-06-20 17:33 - 00000846 _____ () C:\Users\Admin\Desktop\Free Window Registry Repair.lnk
2014-06-20 17:33 - 2014-06-20 17:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2014-06-20 17:33 - 2013-07-19 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2014-06-20 17:25 - 2013-07-21 10:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Systweak
2014-06-20 17:15 - 2014-06-20 17:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\rightbackup
2014-06-20 16:18 - 2014-06-20 16:18 - 04814728 _____ (Support.com ) C:\Users\Admin\Downloads\ARO2014.exe
2014-06-19 19:49 - 2014-06-19 19:16 - 00000000 ____D () C:\ProgramData\TuneUp360
2014-06-22 13:16 - 2014-06-22 13:16 - 00000000 ____D () C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1636641
2014-06-22 13:12 - 2014-06-22 09:42 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-06-22 09:55 - 2014-06-22 09:42 - 00000418 _____ () C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job
2014-06-22 09:43 - 2013-07-19 12:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ParetoLogic
2014-06-23 16:16 - 2014-06-18 19:14 - 00000000 ____D () C:\Program Files\pcmax
2014-06-24 06:39 - 2014-06-24 06:39 - 00000000 ____D () C:\Program Files\GUMD92E.tmp
2014-06-24 07:14 - 2014-06-24 07:13 - 00000000 ____D () C:\Program Files\GUME0CD.tmp
2014-06-24 07:13 - 2014-06-24 07:13 - 06010880 _____ () C:\Program Files\GUTE0CE.tmp
2014-06-24 09:07 - 2014-06-24 09:04 - 00000000 ____D () C:\Program Files\Linkey
2014-06-24 09:04 - 2014-06-24 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Settings Manager
2014-06-27 08:37 - 2006-11-02 02:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2014-06-27 08:37 - 2006-11-02 02:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat
R2 yewimmxqbs32; C:\Program Files\002\yewimmxqbs32.exe [541696 2014-06-17] () [File not signed]
R2 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [42504 2013-07-19] (COMPANYVERS_NAME)
R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
S2 DefaultTabUpdate; C:\Users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-19] () [File not signed]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\v9.xml
FF Extension: TopArcadeHits - C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-07-19]
FF Extension: Quick Start - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\Extensions\[email protected] [2014-06-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\extensions\[email protected]
FF Extension: Quick Start - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\extensions\[email protected] [2014-06-18]
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
FF DefaultSearchEngine: v9
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: v9
FF Homepage: hxxp://www.v9.com/?type=hppp&ts=1403812266&from=vtt&uid=ST3160812AS_5LSBR93GXXXX5LSBR93G&i=psd&t=344bcc0a7
FF Keyword.URL: hxxp://www.default-search.net/search?sid=492&aid=227&itype=a&ver=12791&tm=388&src=ds&p=
Toolbar: HKLM - SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} -  No File
Toolbar: HKCU - SafePCRepair - {A9D9EA68-5D09-43EF-A0C5-6F6A6F82A0E1} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Admin\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} -  No File
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...codeID}&um={UM}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKCU - {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
SearchScopes: HKCU - {B33F6A4E-9E23-419D-BA85-31F4D9B317DE} URL = http://feed.helperba...codeID}&um={UM}
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask...r={searchTerms}
BHO: No Name - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -  No File
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
BootExecute: autocheck autochk * lsdeletesdnclean.exe
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
*****************

[2568] C:\Program Files\002\yewimmxqbs32.exe => Process closed successfully.
[1604] C:\Program Files\pcmax\pcmax.exe => Process closed successfully.
[408] C:\ProgramData\IePluginServices\PluginService.exe => Process closed successfully.
[1868] C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe => Process closed successfully.

"C:\PROGRA~1\SAFEPC~2" directory move:

C:\PROGRA~1\SAFEPC~2\bar\Settings\s_pid.dat => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\Message\COMMON.T8S => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\IE9Mesg\COMMON.T8S => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\gen1\COMMON.T8S => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89barsvc.exe => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89bprtct.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89datact.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89dyn.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89feedmg.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89highin.exe => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89hkstub.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89htmlmu.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89httpct.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89idle.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89impipe.exe => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89medint.exe => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89mlbtn.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89msg.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89Plugin.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89radio.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89regfft.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89reghk.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89regiet.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89script.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89skin.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89sknlcr.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89skplay.exe => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89SrchMn.exe => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89tpinst.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89uabtn.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\AppIntegrator64.exe => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\AppIntegratorStub64.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\BOOTSTRAP.JS => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\CHROME.MANIFEST => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\CREXT.DLL => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\CrExtP89.exe => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\DPNMNGR.DLL => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\EXEMANAGER.DLL => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\INSTALL.RDF => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\installKeys.js => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\LOGO.BMP => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\NP89Stub.dll => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\T8EXTEX.DLL => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\T8EXTPEX.DLL => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\T8HTML.DLL => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\T8RES.DLL => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\T8TICKER.DLL => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\VERIFY.DLL => Moved successfully.
C:\PROGRA~1\SAFEPC~2\bar\1.bin\chrome\89ffxtbr.jar => Moved successfully.
Could not move "C:\PROGRA~1\SAFEPC~2" directory. => Scheduled to move on reboot.


"C:\Program Files\pcmax" directory move:

C:\Program Files\pcmax\a.exe => Moved successfully.
C:\Program Files\pcmax\msvcr100.dll => Moved successfully.
C:\Program Files\pcmax\nodown.txt => Moved successfully.
C:\Program Files\pcmax\pcmax.exe => Moved successfully.
Could not move "C:\Program Files\pcmax\service.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\pcmax" directory. => Scheduled to move on reboot.

C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":B63300D1" ADS removed successfully.
C:\Program Files\002\yewimmxqbs32.exe => Moved successfully.
"C:\Program Files\pcmax\pcmax.exe" => File/Directory not found.
C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job => Moved successfully.
C:\Windows\Tasks\TopArcadeHits.job => Moved successfully.
C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C82E09C3-63EF-4908-BD2A-D280308FEE37}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C82E09C3-63EF-4908-BD2A-D280308FEE37}' => Key deleted successfully.
C:\Windows\System32\Tasks\SpeedUpPC_LogOn => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpPC_LogOn' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98AAE6F2-C750-478F-9ACD-8FF5564938E5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98AAE6F2-C750-478F-9ACD-8FF5564938E5}' => Key deleted successfully.
C:\Windows\System32\Tasks\ParetoLogic Update Version3_triggeronce => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version3_triggeronce' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{71D55C2E-D780-4F6B-8364-C2E63586816E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71D55C2E-D780-4F6B-8364-C2E63586816E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricsSing Update' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A07DF50-099A-4701-84E6-8788ABED83C4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A07DF50-099A-4701-84E6-8788ABED83C4}' => Key deleted successfully.
C:\Windows\System32\Tasks\SpeedMaxPc Update3_triggeronce => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedMaxPc Update3_triggeronce' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{647DCC63-D0B8-400B-823E-C20E0E6B8ABE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{647DCC63-D0B8-400B-823E-C20E0E6B8ABE}' => Key deleted successfully.
C:\Windows\System32\Tasks\TopArcadeHits => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TopArcadeHits' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49971736-AF2D-4F50-ABD8-6EBE4A2B8842}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49971736-AF2D-4F50-ABD8-6EBE4A2B8842}' => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1' => Key deleted successfully.
C:\ProgramData\Fighters => Moved successfully.
C:\Users\Admin\Documents\Blitz Media Player => Moved successfully.
C:\Windows\system32\installd.exe => Moved successfully.
C:\Program Files\rrsavings => Moved successfully.
C:\Program Files\002 => Moved successfully.
C:\ProgramData\BoostSoftware => Moved successfully.
C:\Users\Admin\Documents\PC Speed Maximizer => Moved successfully.
C:\ProgramData\IePluginServices => Moved successfully.
C:\Users\Admin\AppData\Roaming\SupTab => Moved successfully.
C:\Program Files\SupTab => Moved successfully.
C:\awhBAF5.tmp => Moved successfully.
C:\awh3590.tmp => Moved successfully.
C:\ProgramData\Uniblue => Moved successfully.
C:\ProgramData\SpeedMaxPc => Moved successfully.
C:\Users\Admin\AppData\Roaming\SpeedMaxPc => Moved successfully.
C:\Windows\system32\sper.dll => Moved successfully.
C:\Users\Admin\AppData\Roaming\SpeedUpPC => Moved successfully.
C:\Users\Admin\AppData\Roaming\userenv.xml => Moved successfully.
C:\Users\Admin\AppData\Roaming\spotmau => Moved successfully.
C:\ProgramData\2308189059 => Moved successfully.
"C:\Windows\Tasks\SpeedMaxPc Update3_triggeronce.job" => File/Directory not found.
C:\Program Files\Free Window Registry Repair => Moved successfully.
C:\Users\Admin\Desktop\Free Window Registry Repair.lnk => Moved successfully.
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair => Moved successfully.
C:\Users\Admin\AppData\Roaming\Systweak => Moved successfully.
C:\Users\Admin\AppData\Roaming\rightbackup => Moved successfully.
C:\Users\Admin\Downloads\ARO2014.exe => Moved successfully.
C:\ProgramData\TuneUp360 => Moved successfully.
C:\Program Files\sweetpacks bundle uninstaller_CCleaner_1636641 => Moved successfully.
C:\ProgramData\ParetoLogic => Moved successfully.
"C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job" => File/Directory not found.
C:\Users\Admin\AppData\Roaming\ParetoLogic => Moved successfully.

"C:\Program Files\pcmax" directory move:

Could not move "C:\Program Files\pcmax\service.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\pcmax" directory. => Scheduled to move on reboot.

C:\Program Files\GUMD92E.tmp => Moved successfully.
C:\Program Files\GUME0CD.tmp => Moved successfully.
C:\Program Files\GUTE0CE.tmp => Moved successfully.
C:\Program Files\Linkey => Moved successfully.
C:\Users\Admin\AppData\Roaming\Settings Manager => Moved successfully.
C:\Windows\system32\icrav03.rat => Moved successfully.
C:\Windows\system32\ticrf.rat => Moved successfully.
yewimmxqbs32 => Service deleted successfully.
SafePCRepair_89Service => Service deleted successfully.
pcmaxservice => Service deleted successfully.
ioloService => Service deleted successfully.
IePluginServices => Service deleted successfully.
DefaultTabUpdate => Service deleted successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\searchplugins\default-search.xml => Moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\searchplugins\Web Search.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\v9.xml => Moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} => Moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\Extensions\[email protected] => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\extensions\[email protected] => not found.
'HKLM\Software\MozillaPlugins\@SafePCRepair_89.com/Plugin' => Key deleted successfully.
C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} => value deleted successfully.
'HKCR\CLSID\{a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A9D9EA68-5D09-43EF-A0C5-6F6A6F82A0E1} => value deleted successfully.
'HKCR\CLSID\{A9D9EA68-5D09-43EF-A0C5-6F6A6F82A0E1}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}' => Key deleted successfully.
'HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}' => Key deleted successfully.
'HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d13bf91-ea09-4ed8-9acd-c6bad32617b9}' => Key deleted successfully.
'HKCR\CLSID\{5d13bf91-ea09-4ed8-9acd-c6bad32617b9}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B33F6A4E-9E23-419D-BA85-31F4D9B317DE}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{B33F6A4E-9E23-419D-BA85-31F4D9B317DE}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}' => Key deleted successfully.
'HKCR\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}'=> Key not found.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
"C:\PROGRA~1\SupTab\SEARCH~1.DLL" => Value Data removed successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe' => Key deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-29 08:48:05)<=

C:\PROGRA~1\SAFEPC~2 => Is moved successfully.
C:\Program Files\pcmax\service.exe => Is moved successfully.
C:\Program Files\pcmax => Is moved successfully.
C:\Program Files\pcmax\service.exe => Is moved successfully.
C:\Program Files\pcmax => Is moved successfully.

==== End of Fixlog ====

 

Here is the AdwCleaner.txt:

# AdwCleaner v3.213 - Report created 29/06/2014 at 09:09:56
# Updated 23/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SafePCRepair
Folder Deleted : C:\Program Files\speedypc software
Folder Deleted : C:\Users\Admin\AppData\Local\iac
Folder Deleted : C:\Users\Admin\AppData\Local\PackageAware
Folder Deleted : C:\Users\Admin\AppData\Local\SafePCRepair_89
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Admin\AppData\LocalLow\iac
Folder Deleted : C:\Users\Admin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Admin\AppData\LocalLow\SafePCRepair_89
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Admin\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Admin\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Admin\AppData\Roaming\speedypc software
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\VideoDownloadConverter_4z
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Admin\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291325
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3314312
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\RrSavings
Key Deleted : HKLM\Software\SpeedMaxPC
Key Deleted : HKLM\Software\speedypc software
Key Deleted : HKLM\Software\SupDp
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16555

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default\prefs.js ]

Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");

*************************

AdwCleaner[R0].txt - [9849 octets] - [29/06/2014 09:04:16]
AdwCleaner[S0].txt - [9413 octets] - [29/06/2014 09:09:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9473 octets] ##########
 



#6
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi lwt_intl,

That looks good. Let's see what else remains. :)
  • Step 1

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'Farbar Recovery Scan Tool by Farbar' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • The program will initialize. Press Yes to accept the disclaimer.

    • Press the Scan button.
    • It will produce a log (FRST.txt) on your desktop once done. Additionally, Addition.txt will be included if this is your first time running it.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • JRT.txt (Junkware Removal Tool)


#7
lwt_intl

    Member

  • Topic Starter
  • 11 posts

Thank you for all of your help! Here is the additional.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by Admin at 2014-06-30 07:12:47
Running from C:\Users\Admin\Desktop\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Play (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 2.4.4818 - Hewlett-Packard)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4323.13 - PC-Doctor, Inc.)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP On-Screen Caps/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IHA_MessageCenter (HKLM\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Isle Wars Pro 2.0 (HKLM\...\Isle Wars Pro Game_is1) (Version:  - Soleau Software, Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (Version: 2.8.05.13 - Oracle, Inc.) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 6.5.0.17883 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 7.1.12.21827 - Juniper Networks)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe  1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
LiveUpdate (Symantec Corporation) (HKLM\...\PsuedoLiveUpdate) (Version: 3.5.0.64 - Symantec Corporation)
LiveUpdate (Symantec Corporation) (Version: 3.5.0.64 - Symantec Corporation) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1601 - WildTangent)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PyScripter 2.5.3 (HKLM\...\PyScripter_is1) (Version: 2.5.3 - PyScripter)
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
Python 2.7 xlrd-0.7.9 (HKCU\...\xlrd-py2.7) (Version:  - )
Python 2.7.3 (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Redist (HKLM\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}) (Version: 9.0.095 - Roxio, Inc.)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
soapUI 4.5.1 4.5.1 (HKLM\...\5517-2803-0637-4585) (Version: 4.5.1 - SmartBear Software)
TopArcadeHits (HKCU\...\{C1C3E833-420E-4D78-9BA7-86AEBB272384}) (Version:  - TopArcadeHits)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Verizon Activation (HKLM\...\{92125850-CE9E-405F-8DC7-774DC36AE76C}_is1) (Version:  - Verizon)
Verizon Media Manager (HKLM\...\Verizon Media Manager) (Version: 9.4.94 - Verizon)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.59.0 - Verizon)
Webroot Software (HKLM\...\Webroot Software) (Version: 7.0.4.102 - Webroot Software, Inc.)
Webroot Software (Version: 7.0.4.102 - Webroot Software, Inc.) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

17-06-2014 19:34:15 Windows Update
17-06-2014 22:45:21 Removed Driver Support.
18-06-2014 00:59:02 Removed Driver Support.
18-06-2014 23:29:18 Removed Muvic Smartbar
20-06-2014 17:35:55 ARO 2013 - Before Installation
20-06-2014 17:37:48 ARO 2014 - FIRST RUN
20-06-2014 17:49:24 ARO 2014 Fri, Jun 20, 14  13:49
20-06-2014 20:19:40 ARO 2013 - Before Installation
20-06-2014 20:21:09 ARO 2014 - FIRST RUN
20-06-2014 20:24:03 ARO 2014 Fri, Jun 20, 14  16:24
20-06-2014 20:38:47 Windows Update
20-06-2014 21:02:48 ARO 2014 Fri, Jun 20, 14  17:02
21-06-2014 13:56:18 ARO 2013 - Before Installation
21-06-2014 13:58:28 ARO 2014 - FIRST RUN
21-06-2014 14:00:38 ARO 2014 Sat, Jun 21, 14  10:00
21-06-2014 14:19:49 Windows Update
21-06-2014 21:35:50 Installed Microsoft Fix it 50778
21-06-2014 21:37:24 Installed Microsoft Fix it 50778
22-06-2014 12:24:32 Windows Modules Installer
22-06-2014 12:44:24 Installed Microsoft Fix it 50778
22-06-2014 20:02:06 Windows Update
22-06-2014 20:47:41 Windows Modules Installer
24-06-2014 13:11:54 Windows Modules Installer
26-06-2014 21:23:38 Installed Java 8 Update 5
26-06-2014 22:53:43 Installed Microsoft Fix it 50778
27-06-2014 12:32:03 Windows Update

==================== Hosts content: ==========================

2006-11-02 06:23 - 2014-06-27 06:51 - 00450689 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {419A1959-ECBB-456B-B9E7-9E572AB954FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-26] (Adobe Systems Incorporated)
Task: {41A1D252-240A-487B-AAC3-D8EAF3289F01} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {5334C5DB-773E-4A94-98A9-5D8CC94B2E8A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1952994113-3900846881-1584432544-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {6A7583FE-6092-43DC-BB72-DFA04BE72201} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9AB88391-245D-46E4-BBCE-86D3E35C3330} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1952994113-3900846881-1584432544-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {9F3D9720-21B6-4A77-941C-F6C21CA2E7DA} - System32\Tasks\Microsoft\Windows\RestartManager\{15BEA94A-320A-4d42-9B61-5FB967A9FBE8} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {A33B05AB-A061-4150-ABC7-3B4C67861DA7} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A5F722A4-051D-4F02-8A5A-9B37BC9433B2} - System32\Tasks\InstallShield Software online update program => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-02-16] (InstallShield Software Corporation)
Task: {BB0CAA25-07DF-4F8A-BA56-428C304C0F31} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {BDD38020-19C2-4B76-B619-0E3EFD5C2150} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {C6E24925-7FC2-4F63-9F40-2F5FA9675D2D} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-03-18] (Oracle Corporation)
Task: {DB06B8CE-0624-4A2E-9DC5-EF32669DAB2A} - System32\Tasks\Real Player online update program => C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Task: {DF492869-C848-4132-8B27-D1D19D2674E1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {EC5F1A1F-1AD2-4B1A-B195-70ABC57350BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {F5B4A899-DDD3-4574-B8EC-0C5405866F4F} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-19 18:09 - 2014-06-19 18:09 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: pcreg => C:\Program Files\pcmax\service.exe
MSCONFIG\startupreg: SafePCRepair Search Scope Monitor => "C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Windows Defender => C:\Program Files\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-30 06:31:04.571
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 11:44:08.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 09:19:45.964
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 08:46:15.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 08:38:13.395
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 08:00:08.699
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-29 07:44:33.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-28 06:12:17.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-27 08:47:25.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-27 06:32:28.035
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 87%
Total physical RAM: 1014.64 MB
Available physical RAM: 125.29 MB
Total Pagefile: 2291.6 MB
Available Pagefile: 1165.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.08 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:141.96 GB) (Free:90.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:7.09 GB) (Free:0.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP OJ8600) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Here is the frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Admin (administrator) on ADMIN-PC on 30-06-2014 07:11:36
Running from C:\Users\Admin\Desktop\FRST
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\System32\audiodg.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [DPService] => C:\Program Files\HP\DVDPlay\DPService.exe [90112 2007-12-18] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-06-26] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\MountPoints2: {bed45704-be43-11dd-b634-806e6f6e6963} - E:\Setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-26]

========================== Services (Whitelisted) =================

S2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-08-06] (Symantec Corporation)
U2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-08-06] (Symantec Corporation)
S2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2007-08-06] (Symantec Corporation)
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 Automatic LiveUpdate Scheduler; No ImagePath
S2 Lavasoft Ad-Aware Service; No ImagePath
S3 LiveUpdate; No ImagePath
S2 SmcService; No ImagePath
S3 SNAC; No ImagePath
S2 Symantec AntiVirus; No ImagePath
S2 WRConsumerService; No ImagePath

==================== Drivers (Whitelisted) ====================

S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-21] (GFI Software)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 SBRE; C:\Windows\system32\drivers\SBREDrv.sys [95024 2010-09-22] (Sunbelt Software)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [418864 2007-07-31] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [250416 2007-08-14] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [277040 2007-08-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [25136 2007-08-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [136496 2010-08-26] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27576 2007-01-09] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191544 2007-01-09] (Symantec Corporation)
R1 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [87424 2007-09-07] (Symantec Corporation) [File not signed]
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [49024 2007-08-06] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [39808 2007-09-07] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [161920 2010-06-02] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100921.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100921.003\NAVEX15.SYS [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 vsdatant; a [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 07:10 - 2014-06-30 07:10 - 01073664 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-06-30 07:08 - 2014-06-30 07:08 - 00001558 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-06-30 06:55 - 2014-06-30 06:55 - 00000000 ____D () C:\Windows\ERUNT
2014-06-30 06:54 - 2014-06-30 06:54 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-06-29 09:45 - 2014-06-29 09:47 - 00000000 ____D () C:\Users\Admin\Desktop\AntiVirus
2014-06-29 09:03 - 2014-06-29 09:11 - 00000000 ____D () C:\AdwCleaner
2014-06-29 08:58 - 2014-06-29 08:58 - 01342659 _____ () C:\Users\Admin\Downloads\AdwCleaner.exe
2014-06-27 08:37 - 2014-06-27 08:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-27 08:36 - 2014-06-27 08:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-27 08:36 - 2014-06-27 08:36 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-27 08:36 - 2014-06-27 08:36 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-27 08:36 - 2014-06-27 08:36 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-27 08:36 - 2014-06-27 08:36 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-26 18:52 - 2014-06-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\RealNetworks
2014-06-26 17:32 - 2014-06-26 17:32 - 00001075 _____ () C:\Users\Public\Desktop\RealPlayer.lnk
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\Program Files\RealNetworks
2014-06-26 17:31 - 2014-06-26 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-06-26 17:31 - 2014-06-26 17:31 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5016.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5032.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-06-26 17:29 - 2014-06-26 18:52 - 00000000 ____D () C:\ProgramData\Real
2014-06-26 17:27 - 2014-06-26 17:27 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-26 17:26 - 2014-06-26 17:24 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-26 17:25 - 2014-06-26 17:24 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-26 17:25 - 2014-06-26 17:24 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-26 14:52 - 2014-06-29 08:37 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-26 14:43 - 2014-06-26 14:43 - 00001790 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-06-26 14:43 - 2014-06-26 14:43 - 00001760 _____ () C:\Users\Admin\Desktop\Update Checker.lnk
2014-06-26 14:43 - 2014-06-26 14:43 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-06-26 14:41 - 2014-06-26 14:41 - 00000856 _____ () C:\Users\Admin\Desktop\psi.exe - Shortcut.lnk
2014-06-26 14:27 - 2014-06-26 14:28 - 00000411 _____ () C:\Windows\SecuniaPackage.log
2014-06-26 14:13 - 2014-06-26 14:13 - 00000868 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-26 14:13 - 2014-06-26 14:13 - 00000000 ____D () C:\Program Files\Secunia
2014-06-24 12:03 - 2014-06-30 07:11 - 00000000 ____D () C:\FRST
2014-06-24 12:02 - 2014-06-30 07:11 - 00000000 ____D () C:\Users\Admin\Desktop\FRST
2014-06-24 09:03 - 2014-06-24 09:03 - 02077392 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1.exe
2014-06-24 07:15 - 2014-06-29 09:19 - 00006776 _____ () C:\Windows\PFRO.log
2014-06-24 07:13 - 2014-06-24 07:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2014-06-22 16:02 - 2014-06-27 08:37 - 00008650 _____ () C:\Windows\IE9_main.log
2014-06-22 13:35 - 2014-06-30 06:49 - 00301266 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 13:17 - 2014-06-26 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-22 13:17 - 2014-06-26 17:09 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-22 13:17 - 2014-06-26 17:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-22 08:44 - 2014-06-24 11:36 - 00000000 ____D () C:\Users\Admin\Downloads\MS
2014-06-21 18:53 - 2014-06-21 18:53 - 00000000 ____D () C:\Users\Admin\Desktop\ProcessExplorer
2014-06-21 10:20 - 2012-08-09 10:48 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2014-06-21 10:20 - 2012-08-09 10:47 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2014-06-21 10:20 - 2012-08-09 10:47 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2014-06-21 10:20 - 2012-08-09 09:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 18:44 - 2014-06-24 13:56 - 00000000 ____D () C:\temp
2014-06-11 07:25 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 07:25 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 07:25 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 07:25 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

==================== One Month Modified Files and Folders =======

2014-06-30 07:11 - 2014-06-24 12:03 - 00000000 ____D () C:\FRST
2014-06-30 07:11 - 2014-06-24 12:02 - 00000000 ____D () C:\Users\Admin\Desktop\FRST
2014-06-30 07:10 - 2014-06-30 07:10 - 01073664 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-06-30 07:08 - 2014-06-30 07:08 - 00001558 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-06-30 06:55 - 2014-06-30 06:55 - 00000000 ____D () C:\Windows\ERUNT
2014-06-30 06:54 - 2014-06-30 06:54 - 01016261 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-06-30 06:52 - 2013-10-12 08:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 06:49 - 2014-06-22 13:35 - 00301266 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 06:32 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-30 06:31 - 2006-11-02 08:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 06:31 - 2006-11-02 08:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-29 12:25 - 2006-11-02 08:58 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-29 12:08 - 2011-05-08 10:50 - 00000000 ____D () C:\Users\Admin\Documents\Wine
2014-06-29 10:06 - 2011-12-09 18:07 - 00594432 _____ () C:\Users\Admin\Documents\DomResStock.xls
2014-06-29 09:47 - 2014-06-29 09:45 - 00000000 ____D () C:\Users\Admin\Desktop\AntiVirus
2014-06-29 09:19 - 2014-06-24 07:15 - 00006776 _____ () C:\Windows\PFRO.log
2014-06-29 09:11 - 2014-06-29 09:03 - 00000000 ____D () C:\AdwCleaner
2014-06-29 08:58 - 2014-06-29 08:58 - 01342659 _____ () C:\Users\Admin\Downloads\AdwCleaner.exe
2014-06-29 08:37 - 2014-06-26 14:52 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-29 08:37 - 2010-09-24 20:11 - 00389716 _____ () C:\aaw7boot.log
2014-06-29 08:20 - 2013-07-21 19:19 - 00001481 _____ () C:\Windows\wininit.ini
2014-06-29 08:19 - 2010-10-23 07:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-28 09:41 - 2012-07-08 19:16 - 00027136 _____ () C:\Users\Admin\Documents\DomResStock_Other.xls
2014-06-27 11:43 - 2008-12-19 16:49 - 00000000 ____D () C:\Windows\Minidump
2014-06-27 09:53 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-06-27 08:41 - 2006-11-02 07:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-06-27 08:37 - 2014-06-27 08:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-27 08:37 - 2014-06-22 16:02 - 00008650 _____ () C:\Windows\IE9_main.log
2014-06-27 08:36 - 2014-06-27 08:36 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-27 08:36 - 2014-06-27 08:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-27 08:36 - 2014-06-27 08:36 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-27 08:36 - 2014-06-27 08:36 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-27 08:36 - 2014-06-27 08:36 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-27 08:36 - 2014-06-27 08:36 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-26 18:52 - 2014-06-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\RealNetworks
2014-06-26 18:52 - 2014-06-26 17:29 - 00000000 ____D () C:\ProgramData\Real
2014-06-26 17:32 - 2014-06-26 17:32 - 00001075 _____ () C:\Users\Public\Desktop\RealPlayer.lnk
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\Program Files\RealNetworks
2014-06-26 17:32 - 2014-06-26 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-06-26 17:32 - 2009-10-05 16:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Real
2014-06-26 17:31 - 2014-06-26 17:31 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5016.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5032.dll
2014-06-26 17:31 - 2014-06-26 17:31 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-06-26 17:31 - 2007-02-09 11:18 - 00272896 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
2014-06-26 17:31 - 2007-02-09 11:18 - 00000000 ____D () C:\Program Files\Common Files\Real
2014-06-26 17:31 - 2007-02-09 11:17 - 00000000 ____D () C:\Program Files\Real
2014-06-26 17:27 - 2014-06-26 17:27 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-26 17:26 - 2013-11-10 11:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-26 17:24 - 2014-06-26 17:26 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-26 17:24 - 2014-06-26 17:25 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-26 17:24 - 2014-06-26 17:25 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-26 17:24 - 2014-04-22 07:41 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-06-26 17:24 - 2013-03-10 14:24 - 00000000 ____D () C:\Program Files\Java
2014-06-26 17:10 - 2014-06-22 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 17:09 - 2014-06-22 13:17 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 17:09 - 2014-06-22 13:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-26 14:51 - 2010-10-23 07:17 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-06-26 14:43 - 2014-06-26 14:43 - 00001790 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-06-26 14:43 - 2014-06-26 14:43 - 00001760 _____ () C:\Users\Admin\Desktop\Update Checker.lnk
2014-06-26 14:43 - 2014-06-26 14:43 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-06-26 14:41 - 2014-06-26 14:41 - 00000856 _____ () C:\Users\Admin\Desktop\psi.exe - Shortcut.lnk
2014-06-26 14:39 - 2007-02-09 11:39 - 00000000 ____D () C:\Program Files\Yahoo!
2014-06-26 14:28 - 2014-06-26 14:27 - 00000411 _____ () C:\Windows\SecuniaPackage.log
2014-06-26 14:28 - 2013-10-12 08:08 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-26 14:28 - 2013-10-12 08:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-26 14:13 - 2014-06-26 14:13 - 00000868 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-26 14:13 - 2014-06-26 14:13 - 00000000 ____D () C:\Program Files\Secunia
2014-06-24 13:56 - 2014-06-17 18:44 - 00000000 ____D () C:\temp
2014-06-24 11:36 - 2014-06-22 08:44 - 00000000 ____D () C:\Users\Admin\Downloads\MS
2014-06-24 09:03 - 2014-06-24 09:03 - 02077392 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1.exe
2014-06-24 08:36 - 2010-09-06 08:24 - 00000000 ____D () C:\Program Files\Google
2014-06-24 07:13 - 2014-06-24 07:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2014-06-24 06:39 - 2010-09-06 12:31 - 00000000 ____D () C:\ProgramData\Google
2014-06-23 16:18 - 2013-08-23 04:48 - 00000940 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2014-06-23 16:17 - 2014-03-16 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HpUpdate
2014-06-22 16:14 - 2007-02-09 10:48 - 00000000 ____D () C:\Windows\Panther
2014-06-21 18:53 - 2014-06-21 18:53 - 00000000 ____D () C:\Users\Admin\Desktop\ProcessExplorer
2014-06-19 19:49 - 2014-02-02 11:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 19:34 - 2013-07-18 20:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-19 19:15 - 2013-02-17 13:45 - 00000000 ____D () C:\Users\Admin\Desktop\JT
2014-06-19 19:15 - 2013-01-06 15:37 - 00000000 ____D () C:\Users\Admin\Desktop\Dani
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-19 17:48 - 2014-02-17 16:36 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-17 21:02 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-16 08:05 - 2013-04-04 19:04 - 00000000 ____D () C:\Users\Admin\Desktop\lwt
2014-06-11 08:07 - 2013-07-11 18:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 07:29 - 2006-11-02 06:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-30 06:56

==================== End Of Log ============================

 

Here is the JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by Admin on Mon 06/30/2014 at  6:55:43.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\Admin\Local Settings\Application Data\toparcadehits"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\microsoft\windows\start menu\programs\toparcadehits"
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{253319D6-7585-410C-B4B4-B767334A79B5}
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{30D2E7B3-13ED-4192-87CF-626FE76BB9B5}
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{5B01E452-F6DC-40A5-A371-D3FC84D5DEC3}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/30/2014 at  7:08:13.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi lwt_intl,

Your logs seem promising. :thumbsup: Please address a few questions I have for you:
  • Did you install any variant of Norton's or Symantec's anti-virus at one point? If so, when did you uninstall it?
  • I'd like to ask the same question for Ad-Aware.
  • Did you knowingly install RealDownloader or any product from RealNetworks?
Feel free to proceed to the below after you address the above. :)
  • Step 1

    Upon careful inspection, your log indicates that the program(s) listed below are installed on your computer. I would like to request the removal of the program(s) as they are associated with malware, adware or spyware. Please proceed to uninstall them by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and prompts for them to be removed from the list instead, allow it.
    • TopArcadeHits
    Inform me if you encounter problems in the removal process.
  • Step 2

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to install the program.
      • Accept the License Agreement.
      • At the end, ensure a check mark is only placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • checkup.txt (SecurityCheck)
    • mbam-log-*.txt (Malwarebytes Anti-Malware)


#9
lwt_intl

    Member

  • Topic Starter
  • 11 posts

Here are my answers. Oh, one thing I am noticing, the svchost.exe problem is eating up loads of memory and disk access. I turned off Microsoft Update to help alleviate the issue. Also, Firefox is averaging close to 167000K of memory.

 

    Did you install any variant of Norton's or Symantec's anti-virus at one point? If so, when did you uninstall it?
Yes, probably 5-7 years ago.  This is just a guess.
    I'd like to ask the same question for Ad-Aware.
Yes, probably 5-7 years ago it was uninstalled.  This is just a guess.
    Did you knowingly install RealDownloader or any product from RealNetworks?
I may have, but I am not sure?

Feel free to proceed to the below after you address the above. :)

    Step 1

    Upon careful inspection, your log indicates that the program(s) listed below are installed on your computer. I would like to request the removal of the program(s) as they are associated with malware, adware or spyware. Please proceed to uninstall them by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and prompts for them to be removed from the list instead, allow it.
        TopArcadeHits
    Inform me if you encounter problems in the removal process.
I tried to uninstall it, but got an error claiming it could not be uninstalled.

 

Here are the logs.  I hope this one is right.  I had several malware things, which I cleaned up.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/1/2014
Scan Time: 4:43:47 PM
Logfile: mbam-log-01.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.01.07
Rootkit Database: v2014.07.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320718
Time Elapsed: 15 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.DefaultTab.A, C:\Users\Admin\AppData\Local\Temp\installdt.tmp, Quarantined, [6aeda0fa7803d66087d85a970af933cd],
PUP.Optional.DefaultTab.A, C:\Users\Admin\AppData\Local\Temp\installdt.tmp\XPI, Quarantined, [6aeda0fa7803d66087d85a970af933cd],
PUP.Optional.DefaultTab.A, C:\Users\Admin\AppData\Local\Temp\installdt.tmp\XPI\defaulttab, Quarantined, [6aeda0fa7803d66087d85a970af933cd],
PUP.Optional.DefaultTab.A, C:\Users\Admin\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\components, Quarantined, [6aeda0fa7803d66087d85a970af933cd],
PUP.Optional.DefaultTab.A, C:\Users\Admin\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale, Quarantined, [6aeda0fa7803d66087d85a970af933cd],
PUP.Optional.DefaultTab.A, C:\Users\Admin\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US, Quarantined, [6aeda0fa7803d66087d85a970af933cd],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Here is the other log:

 Results of screen317's Security Check version 0.99.85  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Secunia PSI (3.0.0.9016)   
 CCleaner     
 Java 7 Update 55  
 Java 8 Update 5  
 Java version out of Date!
 Adobe Flash Player     14.0.0.125  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


(end)



#10
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi lwt_intl,

I am currently discussing a few things with our experts. I will post the next set of instructions after. :)
 

Oh, one thing I am noticing, the svchost.exe problem is eating up loads of memory and disk access.


That is normal--the one that uses up the most memory is most likely the one that handles Windows Aero. I checked the validity of your copy and it is legitimate.
 

I turned off Microsoft Update to help alleviate the issue.


It wouldn't remove the said resource hog (as that would be the process that is dealing with your graphics), but what it would do is to leave your system vulnerable. Please turn it back on. You can set it to install as per your approval. Our issue here is the amount of RAM you currently have. 1.00 GB isn't quite sufficient these days.
 

Also, Firefox is averaging close to 167000K of memory.


Mine uses about the same. What you can do is to switch to another browser, or remove unnecessary add-ons to make it use fewer resources.
 

Yes, probably 5-7 years ago.  This is just a guess.

Yes, probably 5-7 years ago it was uninstalled.  This is just a guess.

I may have, but I am not sure?


I see. Let's remove their remnants, then.
 

Here are the logs. I hope this one is right. I had several malware things, which I cleaned up.


Done perfectly. :thumbsup:


#11
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi lwt_intl,

Thank you for your patience. It may seem you have quite a lot to do today, but they finish relatively quickly. :) Just to clarify the rationale behind the 4th step, note that I am asking you to enable entries (which no longer exist) so that they may reflect in the logs for complete removal.
  • Step 1

    Upon careful inspection, your log indicates that the program(s) listed below are installed on your computer. I would like to request the removal of the program(s), as your computer needs all the resources it can get. These programs are legitimate, but are not necessary to keep. Removing them is optional. If you agree, please proceed to uninstall them by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7).
    • RealPlayer
    • Secunia
    • Update Checker
    Inform me if you encounter problems in the removal process.
  • Step 2

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.
    • Java Runtime Environment -- Update
    Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • Step 3

    Download 'Norton Removal Tool by Symantec Corporation' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Follow the on-screen instructions.
    • Reboot your computer.
    • You may safely disregard the on-screen instructions this time, as they will simply guide you into re-installing the product.
  • Step 4

    Open System Configuration by following the steps below.
    • Press the Windows and R buttons together. The Run prompt should appear.
    • Type in msconfig and press OK.
    • Navigate to the Startup tab > Enable All > Apply > OK.
    • You will be prompted to restart. Allow it by choosing Restart.
  • Step 5

    Download 'Farbar Recovery Scan Tool by Farbar' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • The program will initialize. Press Yes to accept the disclaimer.


    • Press the Scan button.
    • It will produce a log (FRST.txt) on your desktop once done. Additionally, Addition.txt would be included if this is your first time running it.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)

  • 0
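The rationale given for Step 4 (entries whose files no longer exist have to appear in the log before they can be removed) can be checked against the log itself. The following is an added example, not part of the original post and not FRST's own code: it scans the Registry, Services and Drivers sections of an FRST.txt, using lines copied from the log posted later in this thread, and lists entries that look orphaned. It assumes that a Run entry with an absolute path but no `[size date]` block, a service with `No ImagePath`, and a service or driver ending in `[X]` mark a missing file; the names `find_orphans` and `Finding` are hypothetical.

```python
import re
from typing import List, NamedTuple

# Lines copied from the FRST.txt posted in this thread (a subset, not the full log).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [SafePCRepair Search Scope Monitor] => "C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe
HKLM\...\Run: [ccApp] => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

========================== Services (Whitelisted) =================

R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S2 Symantec AntiVirus; No ImagePath

==================== Drivers (Whitelisted) ====================

R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
S1 netfilter; system32\drivers\netfilter.sys [X]
S4 vsdatant; a [X]
"""


class Finding(NamedTuple):
    section: str   # FRST section the line came from
    name: str      # Run value name or service/driver name
    target: str    # command line or image path as logged
    verdict: str   # "orphan" (file appears missing) or "review" (cannot tell)
    reason: str


SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# Run / RunOnce values; FRST uses "=>" or "-" between the name and the command.
RUN_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] (?:=>|-) (?P<rest>.+)$"
)
# "[size yyyy-mm-dd]" block that FRST prints when it could read the file.
FILEINFO_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\]")
# Service/driver line: state + start type, name, then image path or marker.
SVC_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.+)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def find_orphans(log_text: str) -> List[Finding]:
    """Return autostart entries whose target file appears to be missing."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title").replace(" (Whitelisted)", "").strip()
            continue
        if section == "Registry":
            m = RUN_RE.match(line)
            if not m or FILEINFO_RE.search(m.group("rest")):
                continue  # not a Run value, or the file was found
            target = m.group("rest")
            if ABS_PATH_RE.match(target):
                findings.append(Finding(section, m.group("name"), target,
                                        "orphan", "absolute path without size/date"))
            else:
                # e.g. "rundll32.exe some.dll,Export": resolved through the
                # search path, so a missing size/date block proves nothing.
                findings.append(Finding(section, m.group("name"), target,
                                        "review", "command without absolute path"))
        elif section in ("Services", "Drivers"):
            m = SVC_RE.match(line)
            if not m:
                continue
            rest = m.group("rest")
            if rest == "No ImagePath":
                findings.append(Finding(section, m.group("name").strip(), "",
                                        "orphan", "no ImagePath value"))
            elif rest.endswith("[X]"):
                findings.append(Finding(section, m.group("name").strip(),
                                        rest[:-3].strip(), "orphan", "marked [X]"))
    return findings


if __name__ == "__main__":
    for f in find_orphans(SAMPLE_LOG):
        print(f"{f.verdict:6} {f.section:9} {f.name}: {f.reason}")
```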

#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#13
lwt_intl


    Member

  • Topic Starter
  • Member
  • 11 posts

Sorry for the delay.  Here are the txt files:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-07-2014
Ran by Admin (administrator) on ADMIN-PC on 10-07-2014 10:23:12
Running from C:\Users\Admin\Desktop\FRST
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\System32\audiodg.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
() C:\hp\KBD\KbdStub.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [155648 2006-11-20] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [DPService] => C:\Program Files\HP\DVDPlay\DPService.exe [90112 2007-12-18] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SafePCRepair Search Scope Monitor] => "C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe
HKLM\...\Run: [ccApp] => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1952994113-3900846881-1584432544-1000\...\MountPoints2: {bed45704-be43-11dd-b634-806e6f6e6963} - E:\Setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qerue.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

========================== Services (Whitelisted) =================

S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S2 Lavasoft Ad-Aware Service; No ImagePath
S2 SmcService; No ImagePath
S3 SNAC; No ImagePath
S2 Symantec AntiVirus; No ImagePath
S2 WRConsumerService; No ImagePath

==================== Drivers (Whitelisted) ====================

R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-21] (GFI Software)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 SBRE; C:\Windows\system32\drivers\SBREDrv.sys [95024 2010-09-22] (Sunbelt Software)
R1 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [87424 2007-09-07] (Symantec Corporation) [File not signed]
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [49024 2007-08-06] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [39808 2007-09-07] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [161920 2010-06-02] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S1 netfilter; system32\drivers\netfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 vsdatant; a [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-10 10:08 - 2014-07-10 10:08 - 00869456 _____ () C:\Users\Admin\Downloads\Norton_Removal_Tool.exe
2014-07-10 10:05 - 2014-07-10 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-10 10:05 - 2014-07-10 10:05 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-10 10:05 - 2014-07-10 10:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-10 10:05 - 2014-07-10 10:04 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-10 10:05 - 2014-07-10 10:04 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-10 10:05 - 2014-07-10 10:04 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-09 16:42 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 16:42 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 16:42 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 16:42 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 16:42 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 16:42 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 16:42 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 16:42 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 16:41 - 2014-06-06 20:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 16:41 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 16:41 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 16:41 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 16:41 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 16:41 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 16:41 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 16:41 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 16:41 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 16:41 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 16:41 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 16:41 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 16:41 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 16:41 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 16:41 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 16:41 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-01 16:41 - 2014-07-03 09:22 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 16:41 - 2014-07-01 16:41 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 16:41 - 2014-07-01 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 16:41 - 2014-07-01 16:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 16:41 - 2014-07-01 16:41 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-01 16:41 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-01 16:41 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-01 16:41 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-30 06:55 - 2014-06-30 06:55 - 00000000 ____D () C:\Windows\ERUNT
2014-06-29 09:45 - 2014-07-03 10:44 - 00000000 ____D () C:\Users\Admin\Desktop\AntiVirus
2014-06-29 09:03 - 2014-07-03 11:05 - 00000000 ____D () C:\AdwCleaner
2014-06-27 08:37 - 2014-06-27 08:37 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-27 08:36 - 2014-06-27 08:36 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-27 08:36 - 2014-06-27 08:36 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-27 08:36 - 2014-06-27 08:36 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-26 17:29 - 2014-07-10 09:57 - 00000000 ____D () C:\ProgramData\Real
2014-06-26 14:52 - 2014-06-29 08:37 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-26 14:43 - 2014-07-10 09:58 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-06-26 14:41 - 2014-06-26 14:41 - 00000856 _____ () C:\Users\Admin\Desktop\psi.exe - Shortcut.lnk
2014-06-26 14:27 - 2014-07-09 16:34 - 00001237 _____ () C:\Windows\SecuniaPackage.log
2014-06-26 14:13 - 2014-06-26 14:13 - 00000000 ____D () C:\Program Files\Secunia
2014-06-24 12:03 - 2014-07-10 10:23 - 00000000 ____D () C:\FRST
2014-06-24 12:02 - 2014-07-10 10:23 - 00000000 ____D () C:\Users\Admin\Desktop\FRST
2014-06-24 07:15 - 2014-07-10 10:14 - 00016324 _____ () C:\Windows\PFRO.log
2014-06-24 07:13 - 2014-06-24 07:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2014-06-22 16:02 - 2014-06-27 08:37 - 00008650 _____ () C:\Windows\IE9_main.log
2014-06-22 13:35 - 2014-07-10 10:19 - 00808410 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 13:17 - 2014-06-26 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-22 13:17 - 2014-06-26 17:09 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-22 13:17 - 2014-06-26 17:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-22 08:44 - 2014-06-24 11:36 - 00000000 ____D () C:\Users\Admin\Downloads\MS
2014-06-21 18:53 - 2014-06-21 18:53 - 00000000 ____D () C:\Users\Admin\Desktop\ProcessExplorer
2014-06-21 10:20 - 2012-08-09 10:48 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2014-06-21 10:20 - 2012-08-09 10:47 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2014-06-21 10:20 - 2012-08-09 10:47 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2014-06-21 10:20 - 2012-08-09 09:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-11 07:25 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 07:25 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 07:25 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 07:25 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

==================== One Month Modified Files and Folders =======

2014-07-10 10:23 - 2014-06-24 12:03 - 00000000 ____D () C:\FRST
2014-07-10 10:23 - 2014-06-24 12:02 - 00000000 ____D () C:\Users\Admin\Desktop\FRST
2014-07-10 10:20 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 10:20 - 2006-11-02 08:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-10 10:20 - 2006-11-02 08:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-10 10:19 - 2014-06-22 13:35 - 00808410 _____ () C:\Windows\WindowsUpdate.log
2014-07-10 10:19 - 2006-11-02 08:58 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-10 10:14 - 2014-06-24 07:15 - 00016324 _____ () C:\Windows\PFRO.log
2014-07-10 10:14 - 2007-02-09 11:41 - 00000000 ____D () C:\ProgramData\Symantec
2014-07-10 10:14 - 2007-02-09 11:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-10 10:08 - 2014-07-10 10:08 - 00869456 _____ () C:\Users\Admin\Downloads\Norton_Removal_Tool.exe
2014-07-10 10:05 - 2014-07-10 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-10 10:05 - 2014-07-10 10:05 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-10 10:05 - 2013-11-10 11:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-10 10:04 - 2014-07-10 10:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-10 10:04 - 2014-07-10 10:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-10 10:04 - 2014-07-10 10:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-10 10:04 - 2014-07-10 10:05 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-10 10:02 - 2013-03-10 14:24 - 00000000 ____D () C:\Program Files\Java
2014-07-10 09:58 - 2014-06-26 14:43 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-07-10 09:57 - 2014-06-26 17:29 - 00000000 ____D () C:\ProgramData\Real
2014-07-10 09:57 - 2009-10-05 16:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Real
2014-07-10 09:57 - 2007-02-09 11:17 - 00000000 ____D () C:\Program Files\Real
2014-07-10 09:51 - 2013-10-12 08:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-10 07:26 - 2011-12-09 18:07 - 00650752 _____ () C:\Users\Admin\Documents\DomResStock.xls
2014-07-10 06:25 - 2006-11-02 08:44 - 00395696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 20:01 - 2013-07-11 18:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 19:37 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 16:34 - 2014-06-26 14:27 - 00001237 _____ () C:\Windows\SecuniaPackage.log
2014-07-09 16:34 - 2013-10-12 08:08 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 16:34 - 2013-10-12 08:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 06:36 - 2014-03-16 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HpUpdate
2014-07-03 11:05 - 2014-06-29 09:03 - 00000000 ____D () C:\AdwCleaner
2014-07-03 10:44 - 2014-06-29 09:45 - 00000000 ____D () C:\Users\Admin\Desktop\AntiVirus
2014-07-03 09:22 - 2014-07-01 16:41 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 15:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system
2014-07-01 17:01 - 2013-10-12 09:16 - 00000000 ____D () C:\ProgramData\ZalmanInstaller_52331
2014-07-01 16:41 - 2014-07-01 16:41 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 16:41 - 2014-07-01 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 16:41 - 2014-07-01 16:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 16:41 - 2014-07-01 16:41 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-30 06:55 - 2014-06-30 06:55 - 00000000 ____D () C:\Windows\ERUNT
2014-06-29 12:08 - 2011-05-08 10:50 - 00000000 ____D () C:\Users\Admin\Documents\Wine
2014-06-29 08:37 - 2014-06-26 14:52 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-29 08:37 - 2010-09-24 20:11 - 00389716 _____ () C:\aaw7boot.log
2014-06-29 08:20 - 2013-07-21 19:19 - 00001481 _____ () C:\Windows\wininit.ini
2014-06-29 08:19 - 2010-10-23 07:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-28 09:41 - 2012-07-08 19:16 - 00027136 _____ () C:\Users\Admin\Documents\DomResStock_Other.xls
2014-06-27 11:43 - 2008-12-19 16:49 - 00000000 ____D () C:\Windows\Minidump
2014-06-27 09:53 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-06-27 08:41 - 2006-11-02 07:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-06-27 08:37 - 2014-06-27 08:37 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-27 08:37 - 2014-06-27 08:37 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-27 08:37 - 2014-06-22 16:02 - 00008650 _____ () C:\Windows\IE9_main.log
2014-06-27 08:36 - 2014-06-27 08:36 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-27 08:36 - 2014-06-27 08:36 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-27 08:36 - 2014-06-27 08:36 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-27 08:36 - 2014-06-27 08:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-27 08:36 - 2014-06-27 08:36 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-27 08:36 - 2014-06-27 08:36 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-26 17:10 - 2014-06-22 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 17:09 - 2014-06-22 13:17 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 17:09 - 2014-06-22 13:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-26 14:51 - 2010-10-23 07:17 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-06-26 14:41 - 2014-06-26 14:41 - 00000856 _____ () C:\Users\Admin\Desktop\psi.exe - Shortcut.lnk
2014-06-26 14:39 - 2007-02-09 11:39 - 00000000 ____D () C:\Program Files\Yahoo!
2014-06-26 14:13 - 2014-06-26 14:13 - 00000000 ____D () C:\Program Files\Secunia
2014-06-24 11:36 - 2014-06-22 08:44 - 00000000 ____D () C:\Users\Admin\Downloads\MS
2014-06-24 08:36 - 2010-09-06 08:24 - 00000000 ____D () C:\Program Files\Google
2014-06-24 07:13 - 2014-06-24 07:13 - 00000000 ____D () C:\Users\Admin\AppData\Local\Apps\2.0
2014-06-24 06:39 - 2010-09-06 12:31 - 00000000 ____D () C:\ProgramData\Google
2014-06-23 16:18 - 2013-08-23 04:48 - 00000940 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2014-06-22 16:14 - 2007-02-09 10:48 - 00000000 ____D () C:\Windows\Panther
2014-06-21 18:53 - 2014-06-21 18:53 - 00000000 ____D () C:\Users\Admin\Desktop\ProcessExplorer
2014-06-19 19:49 - 2014-02-02 11:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-19 19:34 - 2013-07-18 20:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-19 19:15 - 2013-02-17 13:45 - 00000000 ____D () C:\Users\Admin\Desktop\JT
2014-06-19 19:15 - 2013-01-06 15:37 - 00000000 ____D () C:\Users\Admin\Desktop\Dani
2014-06-19 18:09 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-19 17:48 - 2014-02-17 16:36 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-17 21:02 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-16 08:05 - 2013-04-04 19:04 - 00000000 ____D () C:\Users\Admin\Desktop\lwt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-10 07:01

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-07-2014
Ran by Admin at 2014-07-10 10:25:12
Running from C:\Users\Admin\Desktop\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\{C4B95D2E-BDE6-412D-AF7B-EC43A298C55B}) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\{3FC9A6DE-C105-4576-8F63-656FFB1BF8EB}) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Play (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 2.4.4818 - Hewlett-Packard)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4323.13 - PC-Doctor, Inc.)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP On-Screen Caps/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IHA_MessageCenter (HKLM\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Isle Wars Pro 2.0 (HKLM\...\Isle Wars Pro Game_is1) (Version:  - Soleau Software, Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 6.5.0.17883 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 7.1.12.21827 - Juniper Networks)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe  1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hpdesktop Master Uninstall) (Version: HPCMPQ1601 - WildTangent)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PyScripter 2.5.3 (HKLM\...\PyScripter_is1) (Version: 2.5.3 - PyScripter)
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
Python 2.7 xlrd-0.7.9 (HKCU\...\xlrd-py2.7) (Version:  - )
Python 2.7.3 (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Redist (HKLM\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}) (Version: 9.0.095 - Roxio, Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
soapUI 4.5.1 4.5.1 (HKLM\...\5517-2803-0637-4585) (Version: 4.5.1 - SmartBear Software)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Verizon Activation (HKLM\...\{92125850-CE9E-405F-8DC7-774DC36AE76C}_is1) (Version:  - Verizon)
Verizon Media Manager (HKLM\...\Verizon Media Manager) (Version: 9.4.94 - Verizon)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.59.0 - Verizon)
Webroot Software (HKLM\...\Webroot Software) (Version: 7.0.4.102 - Webroot Software, Inc.)
Webroot Software (Version: 7.0.4.102 - Webroot Software, Inc.) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

26-06-2014 22:53:43 Installed Microsoft Fix it 50778
27-06-2014 12:32:03 Windows Update
04-07-2014 11:59:54 Windows Update
08-07-2014 11:04:33 Windows Update
09-07-2014 21:18:37 Scheduled Checkpoint
09-07-2014 23:36:02 Windows Update
10-07-2014 13:58:49 Removed Java 7 Update 55
10-07-2014 14:01:39 Removed Java 8 Update 5
10-07-2014 14:03:55 Installed Java 7 Update 60

==================== Hosts content: ==========================

2006-11-02 06:23 - 2014-06-27 06:51 - 00450689 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2180DD16-B01B-42CC-9B33-D2B2493ED7AA} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {419A1959-ECBB-456B-B9E7-9E572AB954FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {5334C5DB-773E-4A94-98A9-5D8CC94B2E8A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1952994113-3900846881-1584432544-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {6A7583FE-6092-43DC-BB72-DFA04BE72201} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9AB88391-245D-46E4-BBCE-86D3E35C3330} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1952994113-3900846881-1584432544-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {9F3D9720-21B6-4A77-941C-F6C21CA2E7DA} - System32\Tasks\Microsoft\Windows\RestartManager\{15BEA94A-320A-4d42-9B61-5FB967A9FBE8} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {A33B05AB-A061-4150-ABC7-3B4C67861DA7} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A5F722A4-051D-4F02-8A5A-9B37BC9433B2} - System32\Tasks\InstallShield Software online update program => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-02-16] (InstallShield Software Corporation)
Task: {BB0CAA25-07DF-4F8A-BA56-428C304C0F31} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {BDD38020-19C2-4B76-B619-0E3EFD5C2150} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {C6E24925-7FC2-4F63-9F40-2F5FA9675D2D} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)
Task: {DB06B8CE-0624-4A2E-9DC5-EF32669DAB2A} - System32\Tasks\Real Player online update program => C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Task: {DF492869-C848-4132-8B27-D1D19D2674E1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {EC5F1A1F-1AD2-4B1A-B195-70ABC57350BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {F5B4A899-DDD3-4574-B8EC-0C5405866F4F} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2007-02-09 10:59 - 2006-12-08 11:16 - 00065536 _____ () C:\hp\KBD\KbdStub.exe
2014-06-19 18:09 - 2014-06-19 18:09 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2014 06:12:06 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/09/2014 06:12:05 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/08/2014 08:36:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/08/2014 08:36:13 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/05/2014 09:36:28 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/05/2014 09:36:26 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/04/2014 08:24:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 16e0
Start Time: 01cf977fdf7c8cab
Termination Time: 2230

Error: (07/04/2014 07:48:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 204
Start Time: 01cf977d0bf34c9b
Termination Time: 3030

Error: (07/03/2014 11:08:26 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (07/03/2014 11:08:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PSIA.exe, version 3.0.0.9016, time stamp 0x52a1d50f, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00067450,
process id 0x460, application start time 0xPSIA.exe0.


System errors:
=============
Error: (07/10/2014 10:22:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (07/10/2014 10:22:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (07/10/2014 10:22:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (07/10/2014 10:22:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (07/10/2014 10:22:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (07/10/2014 10:22:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (07/10/2014 10:22:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (07/10/2014 10:22:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Remote Access Connection Manager%%126

Error: (07/10/2014 10:22:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: netfilter

Error: (07/10/2014 10:22:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Lavasoft Ad-Aware Service%%3


Microsoft Office Sessions:
=========================
Error: (07/09/2014 06:12:06 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/09/2014 06:12:05 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/08/2014 08:36:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/08/2014 08:36:13 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/05/2014 09:36:28 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/05/2014 09:36:26 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/04/2014 08:24:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1655516e001cf977fdf7c8cab2230

Error: (07/04/2014 07:48:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1655520401cf977d0bf34c9b3030

Error: (07/03/2014 11:08:26 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (07/03/2014 11:08:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.901652a1d50fntdll.dll6.0.6002.1888151da3e27c00000050006745046001cf96cf91d3a96d


CodeIntegrity Errors:
===================================
  Date: 2014-07-10 10:24:58.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-10 10:24:58.035
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-10 10:24:57.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-10 10:24:57.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-10 10:24:56.584
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-10 10:24:56.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-10 10:24:55.789
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-10 10:24:55.211
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-10 10:20:54.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-10 10:15:25.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 1014.64 MB
Available physical RAM: 429.93 MB
Total Pagefile: 2291.63 MB
Available Pagefile: 1545.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.68 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:141.96 GB) (Free:90.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:7.09 GB) (Free:0.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP OJ8600) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#14
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi lwt_intl,

When you navigate to the Windows menu, do you happen to see any instances of Webroot Software? It is an anti-virus that is reported as currently installed on your system.

#15
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi lwt_intl,

Looking deeper, it does appear that the said security program is likewise corrupted or has long been uninstalled. Nevertheless, I would appreciate it if you could check its status by doing the above. If all goes well, the below would probably be the last set of steps before I give you the usual clean-up routine (e.g. safety tips, removing used tools). :thumbsup:
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service"
    Task: {DB06B8CE-0624-4A2E-9DC5-EF32669DAB2A} - System32\Tasks\Real Player online update program => C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    Task: {BB0CAA25-07DF-4F8A-BA56-428C304C0F31} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {9AB88391-245D-46E4-BBCE-86D3E35C3330} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1952994113-3900846881-1584432544-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    Task: {5334C5DB-773E-4A94-98A9-5D8CC94B2E8A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1952994113-3900846881-1584432544-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    2014-06-26 14:13 - 2014-06-26 14:13 - 00000000 ____D () C:\Program Files\Secunia
    2014-06-26 14:51 - 2010-10-23 07:17 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
    2014-06-26 14:41 - 2014-06-26 14:41 - 00000856 _____ () C:\Users\Admin\Desktop\psi.exe - Shortcut.lnk
    2014-06-29 08:19 - 2010-10-23 07:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-06-29 08:37 - 2014-06-26 14:52 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-07-10 09:58 - 2014-06-26 14:43 - 00000000 ____D () C:\Program Files\FileHippo.com
    2014-07-10 09:57 - 2014-06-26 17:29 - 00000000 ____D () C:\ProgramData\Real
    2014-07-10 09:57 - 2009-10-05 16:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Real
    2014-07-10 09:57 - 2007-02-09 11:17 - 00000000 ____D () C:\Program Files\Real
    2014-07-10 10:14 - 2007-02-09 11:41 - 00000000 ____D () C:\ProgramData\Symantec
    2014-07-10 10:14 - 2007-02-09 11:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2014-07-10 10:08 - 2014-07-10 10:08 - 00869456 _____ () C:\Users\Admin\Downloads\Norton_Removal_Tool.exe
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-21] (GFI Software)
    R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
    R1 SBRE; C:\Windows\system32\drivers\SBREDrv.sys [95024 2010-09-22] (Sunbelt Software)
    R1 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [87424 2007-09-07] (Symantec Corporation) [File not signed]
    R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [49024 2007-08-06] (Symantec Corporation)
    R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [39808 2007-09-07] (Symantec Corporation)
    S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [161920 2010-06-02] (Symantec Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    S1 netfilter; system32\drivers\netfilter.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S4 vsdatant; a [X]
    S2 Lavasoft Ad-Aware Service; No ImagePath
    S2 SmcService; No ImagePath
    S3 SNAC; No ImagePath
    S2 Symantec AntiVirus; No ImagePath
    S2 WRConsumerService; No ImagePath
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
    HKLM\...\Run: [SafePCRepair Search Scope Monitor] => "C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h
    C:\PROGRA~1\SAFEPC~2
    HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe
    C:\Program Files\pcmax
    HKLM\...\Run: [ccApp] => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    • Run your copy of FRST. It is important to ensure it is located on your desktop.

    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.
  • Step 2

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      [Image: 9C5bx.png]

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, use Notepad to open and save C:\Program Files\ESET\EsetOnlineScanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit) to your desktop.
    • Select Uninstall application on close and click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'Farbar Recovery Scan Tool by Farbar' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • The program will initialize. Press Yes to accept the disclaimer.

    • Press the Scan button.
    • It will produce a log (FRST.txt) on your desktop once done. Additionally, Addition.txt would be included if this is your first time running it.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)
    • fixlog.txt (Farbar Recovery Scan Tool)
    • log.txt (ESET Online Scan)
