Having just got rid of V9.com have been hit with Trovi.com [Closed]



#1
islandcat
Member
239 posts

OTL Extras logfile created on: 31/08/2014 6:38:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadja\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.60 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 59.55% Memory free
7.20 Gb Paging File | 5.38 Gb Available in Paging File | 74.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252.89 Gb Total Space | 214.24 Gb Free Space | 84.71% Space Free | Partition Type: NTFS
Drive D: | 25.47 Gb Total Space | 10.66 Gb Free Space | 41.87% Space Free | Partition Type: NTFS
Drive F: | 6.45 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: NADJA-PC | User Name: Nadja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066C81FC-CADA-440F-8FFB-5013D6B9A120}" = rport=138 | protocol=17 | dir=out | app=system |
"{10A5F925-26F9-4F1D-BFE3-1D50454B5584}" = lport=445 | protocol=6 | dir=in | app=system |
"{147EC636-4FAD-40E1-B0F0-31AE78A7F537}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1773AA73-9008-4C52-8AE1-3F8F32E528DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{1AAFF528-F753-4371-B8FD-6705A876528D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28F54E42-9DC1-40CA-B3EF-CDBD3AE33218}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2C26DDCC-D347-49D4-8E89-E48D24E028AA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3403B6E2-C06D-4AAA-B5F4-CEA823ADB348}" = rport=139 | protocol=6 | dir=out | app=system |
"{41A9D19E-63EE-492A-963F-D50975AA7935}" = lport=138 | protocol=17 | dir=in | app=system |
"{4632999F-38B8-4EE4-957E-13E3E797FA06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4D6082D8-2DAB-444F-8C37-343EB7E742D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FFA0C0C-2246-4760-87D7-CB341A9135CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7B4D6CCB-FDCE-40F1-8B19-16C16FA59DEB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{835685C5-A494-4E6B-B9F8-5A22C4220D3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D9C1DE2-276F-4C06-8531-49C4B308F585}" = lport=137 | protocol=17 | dir=in | app=system |
"{A14395DA-6BFA-4CCF-9771-F7AEDB63A23D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1FD607C-A82C-4CE9-893C-255709D19CC7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9E8B066-6EAB-4612-BABC-B0F5249619EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{C5C23E3D-7887-4243-AECC-AECD1FB133F8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{D7000426-A000-4EC9-8694-5D7FB9E8ACC0}" = lport=139 | protocol=6 | dir=in | app=system |
"{D8F20EF3-EDB0-402E-8497-A4944CB6B89A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFDCED33-FCE9-4286-A24C-5CEEDE89092F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E16ADC99-3E62-4F32-822A-3803F3961B2D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F7DEB314-0D7F-4356-8612-9825ECF6040B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108265CB-0A53-43AF-9BC7-58C878D522A6}" = protocol=1 | dir=in | [email protected],-28543 |
"{1C4EE3EE-52A9-4680-ADDA-36ADDACD501D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{356F0B1D-9052-48ED-AECC-DEEABF11B855}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3C26916F-0690-490C-8432-36E9F8BFFA09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4687034D-FD4B-4C4E-A821-0FAAA242B8B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5301987A-3669-4B80-AE12-72CD7930C826}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{64334253-8218-429F-9755-0815CCBA989D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6CB211D2-B415-46B1-BB88-1CB7AD50EB22}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78A629F1-CBB4-4979-AC76-C7EB6136A60D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8825BDC8-50E1-45E8-AA82-4ED72EB77BA3}" = protocol=6 | dir=out | app=system |
"{9E75E3A2-0D80-4635-BF73-FBB536D51DF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4802DFE-B9CF-4266-A7D5-395739CE932A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A7912785-CA2A-4839-8430-D76F4B731840}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B0447B52-4DB8-47F8-9C63-919A53C37064}" = protocol=58 | dir=in | [email protected],-28545 |
"{B49B0E08-69AB-4968-85F1-547A2E946ECB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7485712-29DD-4E46-922E-3CB45D914F44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDB113CF-A77A-47D2-A046-FE3E4902BC9A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CFFB6950-58BF-423D-A289-59354F5C2E84}" = protocol=1 | dir=out | [email protected],-28544 |
"{D115406D-CA18-4643-8B52-277771CAF8DB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2DADC88-4E5F-45D7-A869-F03A72E6B472}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6E9363D-18CA-4BAE-ABC3-F3C5D6BAFFCA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E93FF0DA-64ED-4C73-8B19-12CD836A84F5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ED710512-4178-4344-A3DF-E638C3D93F0B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FC9B165D-95A0-4D74-AAEA-44748C2B9B29}" = protocol=58 | dir=out | [email protected],-28546 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{71CE3EA7-7F86-9C09-9E2D-F280FD66DAB5}" = AMD Catalyst Install Manager
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{83558A1B-6401-4F43-1167-A7C3C6B8481C}" = AMD Fuel
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87EF9553-DBAB-8017-EECE-AB632CA6BE5C}" = AMD AVIVO64 Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{D6B5D74E-9895-4B6C-7BE3-13DEF6F8482B}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02732E1-2A4F-A9EF-BA7A-247DE51D1357}" = AMD Media Foundation Decoders
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0398090D-9539-A2BB-89AF-C78292FDD100}" = CCC Help English
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCB196F-838B-099B-DAF9-D895F47D1169}" = CCC Help French
"{10617854-88B2-BB05-D763-44DE4ECBE52D}" = CCC Help German
"{13DFBB9D-B02A-D176-72EF-0BE8C0E344F3}" = CCC Help Hungarian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{319F9E73-E40C-14CB-94A6-8E58DD18E683}" = CCC Help Turkish
"{31D696FB-AA4B-F81D-8851-74D1359E1799}" = CCC Help Greek
"{3270ADD1-4DED-ECA5-3AE1-FB6B12F2A167}" = CCC Help Polish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A1DFF-5AB1-7DF4-723A-7044DBD5252A}" = CCC Help Chinese Traditional
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{4033C622-B359-43B7-8BBE-9448B95FAE47}" = Catalyst Control Center - Branding
"{45A8BDA1-3CB1-8189-D281-5C741417E68F}" = CCC Help Russian
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4B4DB3EA-FC9D-6915-A58A-BB214CF6CE8E}" = CCC Help Thai
"{51838B1D-A84E-A939-5C81-75C7ED1ED23D}" = CCC Help Japanese
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{6165AAAB-F6A7-F3E2-71F4-ED4539FA963D}" = CCC Help Finnish
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EBAD305-38BF-B090-1698-52567129707C}" = CCC Help Dutch
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8AE8D405-EE01-62FF-300B-2BCEDF39A2F5}" = CCC Help Portuguese
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94EC19B3-85F0-BA63-3333-FED0EB2C2346}" = AMD VISION Engine Control Center
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FE73119-F35A-51F7-C6EB-5BC1A59C6342}" = Catalyst Control Center InstallProxy
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1888A6B-077E-44FE-5261-D88FD5E2ED98}" = CCC Help Italian
"{A5CD312F-0FA0-7205-0576-220C552A5C5B}" = CCC Help Korean
"{A6763955-1785-517C-E051-A1F1E9BEFB87}" = Catalyst Control Center Profiles Mobile
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{AFE5D988-1C04-29DC-D992-66CECC6BDF11}" = CCC Help Spanish
"{B641BFD0-A114-2D4D-6429-01F0F7396ED7}" = CCC Help Danish
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C91BA8BE-C12B-71CA-AB0D-4260BD55D6BB}" = Catalyst Control Center Graphics Previews Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D027CF57-0205-CCD4-40E7-E8A57C047903}" = CCC Help Norwegian
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D94EA359-4C2D-DFDF-EA2E-6C8FE818D186}" = CCC Help Swedish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F329C3CE-81FE-EE21-6684-4629C59689DB}" = CCC Help Chinese Standard
"{F4317B17-8BA1-B046-E301-436275BBF621}" = Catalyst Control Center Localization All
"{F75137CD-5051-34F4-1217-F0B98A75D188}" = CCC Help Czech
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"avast" = avast! Free Antivirus
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"inethnfd" = OffersWizard Network System Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30/08/2014 3:34:41 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 9002
Description =
 
Error - 30/08/2014 3:34:41 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3028
Description =
 
Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3058
Description =
 
Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 7010
Description =
 
Error - 30/08/2014 3:34:45 PM | Computer Name = Nadja-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 30/08/2014 3:37:28 PM | Computer Name = Nadja-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0xbe0  Faulting application start time: 0x01cfc489d1159d4a  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 12c3f3e0-307d-11e4-9cf7-dc0ea1f9c595
 
Error - 30/08/2014 3:39:09 PM | Computer Name = Nadja-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0x1098  Faulting application start time: 0x01cfc48a10a7be0f  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 4f10e294-307d-11e4-9cf7-dc0ea1f9c595
 
Error - 30/08/2014 3:39:25 PM | Computer Name = Nadja-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0xa10  Faulting application start time: 0x01cfc48a1a8a961d  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 58a53cb7-307d-11e4-9cf7-dc0ea1f9c595
 
[ System Events ]
Error - 29/08/2014 5:17:00 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 29/08/2014 6:05:54 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
   %%2
 
Error - 29/08/2014 6:06:06 PM | Computer Name = Nadja-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = The processing of Group Policy failed. Windows could not apply the
 registry-based policy settings for the Group Policy object LocalGPO. Group Policy
 settings will not be resolved until this event is resolved. View the event details
 for more information on the file name and path that caused the failure.
 
Error - 29/08/2014 6:09:45 PM | Computer Name = Nadja-PC | Source = DCOM | ID = 10010
Description =
 
Error - 30/08/2014 3:07:37 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Wlansvc service.
 
Error - 30/08/2014 3:33:56 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
   %%2
 
Error - 30/08/2014 3:33:58 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7000
Description = The Search Protect Service service failed to start due to the following
 error:   %%2
 
Error - 30/08/2014 3:34:25 PM | Computer Name = Nadja-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = The processing of Group Policy failed. Windows could not apply the
 registry-based policy settings for the Group Policy object LocalGPO. Group Policy
 settings will not be resolved until this event is resolved. View the event details
 for more information on the file name and path that caused the failure.
 
Error - 30/08/2014 3:34:46 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.
 
Error - 30/08/2014 3:34:47 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
 
< End of report >

 



#2
Machiavelli
GeekU Moderator
3,698 posts

Hello and welcome to GeeksToGo, islandcat,

My name is Machiavelli and I will assist you with your problem. The fixes are specific to your problem and should only be used for the issue on your machine!

I'm in the 'Malware Staff Team' and will provide you with advice:
Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

You must reply to posts within days. If you haven't replied within 4 days your topic will be closed. If you go away for some time please let me know. Communication is an important part here! If you are unsure about something - STOP - and ask me. No need to be afraid of asking - better to ask than to make a mistake. Mistakes can lead to an unbootable PC! I would recommend following the topic by clicking on the Follow this topic button - you will get notified when I have replied to your topic.
 

Below are a few tips
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please describe your problem.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.


#3
islandcat
Topic Starter
Member
239 posts

OTL Extras logfile created on: 31/08/2014 6:38:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadja\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.60 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 59.55% Memory free
7.20 Gb Paging File | 5.38 Gb Available in Paging File | 74.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252.89 Gb Total Space | 214.24 Gb Free Space | 84.71% Space Free | Partition Type: NTFS
Drive D: | 25.47 Gb Total Space | 10.66 Gb Free Space | 41.87% Space Free | Partition Type: NTFS
Drive F: | 6.45 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NADJA-PC | User Name: Nadja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

 

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

 

piffile [open] -- "%1" %*

 

regfile [merge] -- Reg Error: Key error.

 

scrfile [config] -- "%1"

 

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

 

scrfile [open] -- "%1" /S

 

txtfile [edit] -- Reg Error: Key error.

 

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

 

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Folder [explore] -- Reg Error: Value error.

 

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

 

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

 

batfile [open] -- "%1" %*

 

cmdfile [open] -- "%1" %*

 

comfile [open] -- "%1" %*

 

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

 

exefile [open] -- "%1" %*

 

helpfile [open] -- Reg Error: Key error.

 

htmlfile [edit] -- Reg Error: Key error.

 

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

 

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

 

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

 

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

 

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

 

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

 

piffile [open] -- "%1" %*

 

regfile [merge] -- Reg Error: Key error.

 

scrfile [config] -- "%1"

 

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

 

scrfile [open] -- "%1" /S

 

txtfile [edit] -- Reg Error: Key error.

 

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

 

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Folder [explore] -- Reg Error: Value error.

 

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

 

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

 

========== Security Center Settings ==========

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

"cval" = 1

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

 

"AntiVirusOverride" = 0

 

"AntiSpywareOverride" = 0

 

"FirewallOverride" = 0

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

 

========== Firewall Settings ==========

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

"EnableFirewall" = 1

 

"DisableNotifications" = 0

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

"EnableFirewall" = 1

 

"DisableNotifications" = 0

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

 

"EnableFirewall" = 1

 

"DisableNotifications" = 0

 

 

========== Authorized Applications List ==========

 

 

 

========== Vista Active Open Ports Exception List ==========

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

"{066C81FC-CADA-440F-8FFB-5013D6B9A120}" = rport=138 | protocol=17 | dir=out | app=system |

 

"{10A5F925-26F9-4F1D-BFE3-1D50454B5584}" = lport=445 | protocol=6 | dir=in | app=system |

 

"{147EC636-4FAD-40E1-B0F0-31AE78A7F537}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

 

"{1773AA73-9008-4C52-8AE1-3F8F32E528DC}" = rport=137 | protocol=17 | dir=out | app=system |

 

"{1AAFF528-F753-4371-B8FD-6705A876528D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

 

"{28F54E42-9DC1-40CA-B3EF-CDBD3AE33218}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

 

"{2C26DDCC-D347-49D4-8E89-E48D24E028AA}" = lport=10243 | protocol=6 | dir=in | app=system |

 

"{3403B6E2-C06D-4AAA-B5F4-CEA823ADB348}" = rport=139 | protocol=6 | dir=out | app=system |

 

"{41A9D19E-63EE-492A-963F-D50975AA7935}" = lport=138 | protocol=17 | dir=in | app=system |

 

"{4632999F-38B8-4EE4-957E-13E3E797FA06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

 

"{4D6082D8-2DAB-444F-8C37-343EB7E742D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

 

"{6FFA0C0C-2246-4760-87D7-CB341A9135CB}" = lport=2869 | protocol=6 | dir=in | app=system |

 

"{7B4D6CCB-FDCE-40F1-8B19-16C16FA59DEB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

 

"{835685C5-A494-4E6B-B9F8-5A22C4220D3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

 

"{9D9C1DE2-276F-4C06-8531-49C4B308F585}" = lport=137 | protocol=17 | dir=in | app=system |

 

"{A14395DA-6BFA-4CCF-9771-F7AEDB63A23D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

 

"{A1FD607C-A82C-4CE9-893C-255709D19CC7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

 

"{B9E8B066-6EAB-4612-BABC-B0F5249619EE}" = rport=445 | protocol=6 | dir=out | app=system |

 

"{C5C23E3D-7887-4243-AECC-AECD1FB133F8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

 

"{D7000426-A000-4EC9-8694-5D7FB9E8ACC0}" = lport=139 | protocol=6 | dir=in | app=system |

 

"{D8F20EF3-EDB0-402E-8497-A4944CB6B89A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

 

"{DFDCED33-FCE9-4286-A24C-5CEEDE89092F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

 

"{E16ADC99-3E62-4F32-822A-3803F3961B2D}" = rport=10243 | protocol=6 | dir=out | app=system |

 

"{F7DEB314-0D7F-4356-8612-9825ECF6040B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

 

 

========== Vista Active Application Exception List ==========

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

"{108265CB-0A53-43AF-9BC7-58C878D522A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

 

"{1C4EE3EE-52A9-4680-ADDA-36ADDACD501D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

 

"{356F0B1D-9052-48ED-AECC-DEEABF11B855}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

 

"{3C26916F-0690-490C-8432-36E9F8BFFA09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

 

"{4687034D-FD4B-4C4E-A821-0FAAA242B8B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

 

"{5301987A-3669-4B80-AE12-72CD7930C826}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

 

"{64334253-8218-429F-9755-0815CCBA989D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

 

"{6CB211D2-B415-46B1-BB88-1CB7AD50EB22}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

 

"{78A629F1-CBB4-4979-AC76-C7EB6136A60D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

 

"{8825BDC8-50E1-45E8-AA82-4ED72EB77BA3}" = protocol=6 | dir=out | app=system |

 

"{9E75E3A2-0D80-4635-BF73-FBB536D51DF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

 

"{A4802DFE-B9CF-4266-A7D5-395739CE932A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

 

"{A7912785-CA2A-4839-8430-D76F4B731840}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

 

"{B0447B52-4DB8-47F8-9C63-919A53C37064}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

 

"{B49B0E08-69AB-4968-85F1-547A2E946ECB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

 

"{B7485712-29DD-4E46-922E-3CB45D914F44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

 

"{BDB113CF-A77A-47D2-A046-FE3E4902BC9A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

 

"{CFFB6950-58BF-423D-A289-59354F5C2E84}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

 

"{D115406D-CA18-4643-8B52-277771CAF8DB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

 

"{D2DADC88-4E5F-45D7-A869-F03A72E6B472}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

 

"{E6E9363D-18CA-4BAE-ABC3-F3C5D6BAFFCA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

 

"{E93FF0DA-64ED-4C73-8B19-12CD836A84F5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

 

"{ED710512-4178-4344-A3DF-E638C3D93F0B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

 

"{FC9B165D-95A0-4D74-AAEA-44748C2B9B29}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

 

"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support

 

"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

 

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

 

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

 

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

 

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

 

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8

 

"{71CE3EA7-7F86-9C09-9E2D-F280FD66DAB5}" = AMD Catalyst Install Manager

 

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

 

"{83558A1B-6401-4F43-1167-A7C3C6B8481C}" = AMD Fuel

 

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

 

"{87EF9553-DBAB-8017-EECE-AB632CA6BE5C}" = AMD AVIVO64 Codecs

 

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

 

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

 

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

 

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

 

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

 

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

 

"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes

 

"{D6B5D74E-9895-4B6C-7BE3-13DEF6F8482B}" = ccc-utility64

 

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

 

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

 

"{E02732E1-2A4F-A9EF-BA7A-247DE51D1357}" = AMD Media Foundation Decoders

 

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

 

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

 

"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)

 

"CCleaner" = CCleaner

 

"CNXT_AUDIO_HDA" = Conexant HD Audio

 

"Elantech" = Lenovo pointing device

 

"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam

 

"{0398090D-9539-A2BB-89AF-C78292FDD100}" = CCC Help English

 

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

 

"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid

 

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

 

"{0BCB196F-838B-099B-DAF9-D895F47D1169}" = CCC Help French

 

"{10617854-88B2-BB05-D763-44DE4ECBE52D}" = CCC Help German

 

"{13DFBB9D-B02A-D176-72EF-0BE8C0E344F3}" = CCC Help Hungarian

 

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

 

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

 

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

 

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

 

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

 

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program

 

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

 

"{319F9E73-E40C-14CB-94A6-8E58DD18E683}" = CCC Help Turkish

 

"{31D696FB-AA4B-F81D-8851-74D1359E1799}" = CCC Help Greek

 

"{3270ADD1-4DED-ECA5-3AE1-FB6B12F2A167}" = CCC Help Polish

 

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

 

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

 

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

 

"{3B9A1DFF-5AB1-7DF4-723A-7044DBD5252A}" = CCC Help Chinese Traditional

 

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

 

"{4033C622-B359-43B7-8BBE-9448B95FAE47}" = Catalyst Control Center - Branding

 

"{45A8BDA1-3CB1-8189-D281-5C741417E68F}" = CCC Help Russian

 

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

 

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

 

"{4B4DB3EA-FC9D-6915-A58A-BB214CF6CE8E}" = CCC Help Thai

 

"{51838B1D-A84E-A939-5C81-75C7ED1ED23D}" = CCC Help Japanese

 

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

 

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

 

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

 

"{6165AAAB-F6A7-F3E2-71F4-ED4539FA963D}" = CCC Help Finnish

 

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

 

"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver

 

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

 

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

 

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

 

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

 

"{7EBAD305-38BF-B090-1698-52567129707C}" = CCC Help Dutch

 

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

 

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

 

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

 

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

 

"{8AE8D405-EE01-62FF-300B-2BCEDF39A2F5}" = CCC Help Portuguese

 

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

 

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

 

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

 

"{94EC19B3-85F0-BA63-3333-FED0EB2C2346}" = AMD VISION Engine Control Center

 

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

 

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

 

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

 

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

 

"{9FE73119-F35A-51F7-C6EB-5BC1A59C6342}" = Catalyst Control Center InstallProxy

 

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

 

"{A1888A6B-077E-44FE-5261-D88FD5E2ED98}" = CCC Help Italian

 

"{A5CD312F-0FA0-7205-0576-220C552A5C5B}" = CCC Help Korean

 

"{A6763955-1785-517C-E051-A1F1E9BEFB87}" = Catalyst Control Center Profiles Mobile

 

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

 

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

 

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

 

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

 

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

 

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)

 

"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera

 

"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey

 

"{AFE5D988-1C04-29DC-D992-66CECC6BDF11}" = CCC Help Spanish

 

"{B641BFD0-A114-2D4D-6429-01F0F7396ED7}" = CCC Help Danish

 

"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2

 

"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive

 

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

 

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

 

"{C91BA8BE-C12B-71CA-AB0D-4260BD55D6BB}" = Catalyst Control Center Graphics Previews Common

 

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

 

"{D027CF57-0205-CCD4-40E7-E8A57C047903}" = CCC Help Norwegian

 

"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management

 

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

 

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

 

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

 

"{D94EA359-4C2D-DFDF-EA2E-6C8FE818D186}" = CCC Help Swedish

 

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

 

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

 

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

 

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

 

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

 

"{F329C3CE-81FE-EE21-6684-4629C59689DB}" = CCC Help Chinese Standard

 

"{F4317B17-8BA1-B046-E301-436275BBF621}" = Catalyst Control Center Localization All

 

"{F75137CD-5051-34F4-1217-F0B98A75D188}" = CCC Help Czech

 

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

 

"avast" = avast! Free Antivirus

 

"FileHippo.com" = FileHippo.com Update Checker

 

"Google Chrome" = Google Chrome

 

"inethnfd" = OffersWizard Network System Driver

 

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam

 

"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery

 

"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey

 

"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management

 

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012

 

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

 

"VeriFace" = VeriFace

 

"VLC media player" = VLC media player 2.0.2

 

"WinLiveSuite" = Windows Live Essentials

 

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

"UnityWebPlayer" = Unity Web Player

 

 

========== Last 20 Event Log Errors ==========

 

 

[ Application Events ]

 

Error - 30/08/2014 3:34:41 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 9002

 

Description =

 

 

Error - 30/08/2014 3:34:41 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3029

 

Description =

 

 

Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3029

 

Description =

 

 

Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3028

 

Description =

 

 

Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3058

 

Description =

 

 

Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 7010

 

Description =

 

 

Error - 30/08/2014 3:34:45 PM | Computer Name = Nadja-PC | Source = WinMgmt | ID = 10

 

Description =

 

 

Error - 30/08/2014 3:37:28 PM | Computer Name = Nadja-PC | Source = Application Error | ID = 1000

 

Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:

 

0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:

 

0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:

 

0xbe0  Faulting application start time: 0x01cfc489d1159d4a  Faulting application path:

 

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:

 

C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 12c3f3e0-307d-11e4-9cf7-dc0ea1f9c595

 

 

Error - 30/08/2014 3:39:09 PM | Computer Name = Nadja-PC | Source = Application Error | ID = 1000

 

Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:

 

0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:

 

0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:

 

0x1098  Faulting application start time: 0x01cfc48a10a7be0f  Faulting application path:

 

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:

 

C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 4f10e294-307d-11e4-9cf7-dc0ea1f9c595

 

 

Error - 30/08/2014 3:39:25 PM | Computer Name = Nadja-PC | Source = Application Error | ID = 1000

 

Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:

 

0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:

 

0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:

 

0xa10  Faulting application start time: 0x01cfc48a1a8a961d  Faulting application path:

 

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:

 

C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 58a53cb7-307d-11e4-9cf7-dc0ea1f9c595

 

 

[ System Events ]

 

Error - 29/08/2014 5:17:00 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7011

 

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

 

response from the ShellHWDetection service.

 

 

Error - 29/08/2014 6:05:54 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7000

 

Description = The Bonjour Service service failed to start due to the following error:

 

   %%2

 

 

Error - 29/08/2014 6:06:06 PM | Computer Name = Nadja-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096

 

Description = The processing of Group Policy failed. Windows could not apply the

 

registry-based policy settings for the Group Policy object LocalGPO. Group Policy

 

settings will not be resolved until this event is resolved. View the event details

 

for more information on the file name and path that caused the failure.

 

 

Error - 29/08/2014 6:09:45 PM | Computer Name = Nadja-PC | Source = DCOM | ID = 10010

 

Description =

 

 

Error - 30/08/2014 3:07:37 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7011

 

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

 

response from the Wlansvc service.

 

 

Error - 30/08/2014 3:33:56 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7000

 

Description = The Bonjour Service service failed to start due to the following error:

 

   %%2

 

 

Error - 30/08/2014 3:33:58 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7000

 

Description = The Search Protect Service service failed to start due to the following

 

error:   %%2

 

 

Error - 30/08/2014 3:34:25 PM | Computer Name = Nadja-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096

 

Description = The processing of Group Policy failed. Windows could not apply the

 

registry-based policy settings for the Group Policy object LocalGPO. Group Policy

 

settings will not be resolved until this event is resolved. View the event details

 

for more information on the file name and path that caused the failure.

 

 

Error - 30/08/2014 3:34:46 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7024

 

Description = The Windows Search service terminated with service-specific error

 

%%-1073473535.

 

 

Error - 30/08/2014 3:34:47 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7031

 

Description = The Windows Search service terminated unexpectedly.  It has done this

 

1 time(s).  The following corrective action will be taken in 30000 milliseconds:

 

Restart the service.

 

 

 

< End of report >

 



#4
islandcat

  • Topic Starter
  • Member
  • 239 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02

 

Ran by Nadja (administrator) on NADJA-PC on 31-08-2014 12:20:27

 

Running from C:\Users\Nadja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6K53EPM

 

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

 

Internet Explorer Version 11

 

Boot Mode: Normal

 

 

The only official download link for FRST:

 

Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/

 

Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/

 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

 

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

 

(AMD) C:\Windows\System32\atiesrxx.exe

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

 

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

 

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

 

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

 

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

 

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

 

(AMD) C:\Windows\System32\atieclxx.exe

 

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

 

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

 

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

 

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

 

(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe

 

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

 

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

 

( ) C:\Program Files (x86)\LockKey\LockKey.exe

 

(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

 

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

 

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

 

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

 

(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

 

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

 

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

 

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

 

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

 

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

 

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

 

 

 

==================== Registry (Whitelisted) ==================

 

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

 

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)

 

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)

 

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2012-06-25] (Lenovo (Beijing) Limited)

 

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2012-06-25] (Lenovo(beijing) Limited)

 

HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-06-25] (Lenovo)

 

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-22] (Advanced Micro Devices, Inc.)

 

HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )

 

HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)

 

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)

 

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

 

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)

 

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)

 

HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-06-25] (Lenovo)

 

HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)

 

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

 

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

 

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)

 

HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-14] (Google Inc.)

 

HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)

 

HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Policies\system: [LogonHoursAction] 2

 

HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

 

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-14] (Client Connect LTD)

 

AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-14] (Client Connect LTD)

 

Startup: C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidMediaConverterApp.lnk

 

ShortcutTarget: RapidMediaConverterApp.lnk -> C:\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe (No File)

 

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

 

 

==================== Internet (Whitelisted) ====================

 

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...D6D299E73&SSPV=

 

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

 

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=

 

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=

 

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

 

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

 

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

 

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

 

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

 

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

 

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

 

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

 

Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File

 

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

 

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}

 

Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()

 

Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1

 

 

FireFox:

 

========

 

FF Plugin: @microsoft.com/GENUINE -> disabled No File

 

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

 

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

 

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

 

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

 

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

 

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

 

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

 

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

 

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nadja\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

 

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-12]

 

 

Chrome:

 

=======

 

CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=MAD3D6DE6-6671-4C55-BCF4-FB4CB52CBC8E&SearchSource=55&CUI=&UM=6&UP=SP228671FD-466C-41FC-86D3-826D6D299E73&SSPV=

 

CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=MAD3D6DE6-6671-4C55-BCF4-FB4CB52CBC8E&SearchSource=55&CUI=&UM=6&UP=SP228671FD-466C-41FC-86D3-826D6D299E73&SSPV="

 

CHR Profile: C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default

 

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-21]

 

CHR Extension: (avast! Online Security) - C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-21]

 

CHR Extension: (Boost) - C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn [2014-08-27]

 

CHR Extension: (Google Wallet) - C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-05]

 

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]

 

 

==================== Services (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-21] (Advanced Micro Devices, Inc.) [File not signed]

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)

 

S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]

 

S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]

 

 

==================== Drivers (Whitelisted) ====================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()

 

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)

 

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)

 

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()

 

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)

 

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)

 

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)

 

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)

 

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()

 

U3 BcmSqlStartupSvc; No ImagePath

 

U2 CLKMSVC10_3A60B698; No ImagePath

 

U2 CLKMSVC10_C3B3B687; No ImagePath

 

U2 DriverService; No ImagePath

 

U2 IAStorDataMgrSvc; No ImagePath

 

U2 iATAgentService; No ImagePath

 

U2 idealife Update Service; No ImagePath

 

U3 IGRS; No ImagePath

 

U2 IviRegMgr; No ImagePath

 

U2 nvUpdatusService; No ImagePath

 

U2 Oasis2Service; No ImagePath

 

U2 PCCarerService; No ImagePath

 

U2 ReadyComm.DirectRouter; No ImagePath

 

U2 RichVideo; No ImagePath

 

U2 RtLedService; No ImagePath

 

U2 SeaPort; No ImagePath

 

U2 SoftwareService; No ImagePath

 

S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

 

U3 SQLWriter; No ImagePath

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

 

==================== One Month Created Files and Folders ========

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2014-08-31 12:20 - 2014-08-31 12:20 - 00000000 ____D () C:\FRST

 

2014-08-30 12:36 - 2014-08-30 12:36 - 00002980 _____ () C:\Windows\System32\Tasks\{1EF97660-6949-4441-9D3B-6816692B62EA}

 

2014-08-30 12:33 - 2014-08-30 12:33 - 00000056 _____ () C:\Windows\setupact.log

 

2014-08-30 12:33 - 2014-08-30 12:33 - 00000000 _____ () C:\Windows\setuperr.log

 

2014-08-30 12:32 - 2014-08-30 12:32 - 00001088 _____ () C:\Windows\PFRO.log

 

2014-08-29 15:27 - 2014-08-29 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadja\Downloads\mbam-setup-2.0.2.1012.exe

 

2014-08-29 15:20 - 2014-08-30 12:07 - 00000000 ____D () C:\Users\Nadja\AppData\Local\SearchProtect

 

2014-08-29 14:46 - 2014-08-29 14:46 - 00002010 _____ () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk

 

2014-08-29 14:46 - 2014-08-29 14:46 - 00001980 _____ () C:\Users\Nadja\Desktop\Update Checker.lnk

 

2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com

 

2014-08-29 13:11 - 2014-08-29 14:21 - 00000485 _____ () C:\DelFix.txt

 

2014-08-29 12:29 - 2014-08-30 12:58 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job

 

2014-08-29 12:29 - 2014-08-29 15:05 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job

 

2014-08-29 12:29 - 2014-08-29 14:53 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job

 

2014-08-29 12:29 - 2014-08-29 12:58 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP1

 

2014-08-29 12:29 - 2014-08-29 12:58 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP3

 

2014-08-29 12:29 - 2014-08-29 12:58 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP2

 

2014-08-29 12:29 - 2014-08-29 12:31 - 00000316 _____ () C:\Users\Nadja\AppData\Roaming\aps.uninstall.scan.results

 

2014-08-29 12:27 - 2014-08-29 12:27 - 00631680 _____ (ClickMeIn Limited) C:\Users\Nadja\AppData\Local\nsv93E1.tmp

 

2014-08-29 12:17 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

 

2014-08-29 12:17 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

 

2014-08-29 12:17 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

 

2014-08-27 09:13 - 2014-08-27 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter

 

2014-08-27 09:12 - 2014-08-27 09:12 - 00000000 ____D () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter

 

2014-08-27 09:11 - 2014-08-27 09:11 - 00000000 ____D () C:\Program Files (x86)\SearchProtect

 

2014-08-27 08:56 - 2014-08-27 08:58 - 00000229 _____ () C:\Users\Nadja\BullseyeCoverageError.txt

 

2014-08-26 18:21 - 2014-08-29 13:11 - 00000000 ____D () C:\Windows\ERUNT

 

2014-08-24 22:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

 

2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{F1939288-DC1F-43FB-9588-21D569DB0030}

 

2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{0713F309-3C4C-48D5-8B62-E925BBA78894}

 

2014-08-21 18:53 - 2014-08-21 18:53 - 00002980 _____ () C:\Windows\System32\Tasks\{C878813E-F3A3-466E-B5DA-862B70D9DFDA}

 

2014-08-21 18:51 - 2014-08-21 18:51 - 00002980 _____ () C:\Windows\System32\Tasks\{C6371E4D-85A0-44D9-B408-7269DD9FE646}

 

2014-08-21 18:50 - 2014-08-21 18:50 - 00002980 _____ () C:\Windows\System32\Tasks\{4348E318-D244-4355-98DA-7334323C6ABE}

 

2014-08-19 17:47 - 2014-08-19 17:47 - 00000898 _____ () C:\Users\Nadja\Documents\Downloads.lnk

 

2014-08-19 16:51 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

 

2014-08-19 16:51 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

 

2014-08-19 16:51 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

 

2014-08-19 16:51 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

 

2014-08-19 16:51 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

 

2014-08-19 16:51 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

 

2014-08-19 16:50 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

 

2014-08-19 16:50 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

 

2014-08-15 16:04 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

 

2014-08-15 16:04 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

 

2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

 

2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

 

2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

 

2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

 

2014-08-15 16:04 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

 

2014-08-15 16:04 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

 

2014-08-15 16:04 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

 

2014-08-15 16:04 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

 

2014-08-15 16:04 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

 

2014-08-15 16:04 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

 

2014-08-15 16:04 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls

 

2014-08-15 16:04 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

 

2014-08-15 16:04 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

 

2014-08-15 16:04 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

 

2014-08-15 16:04 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

 

2014-08-15 16:04 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

 

2014-08-15 16:04 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

 

2014-08-15 16:04 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

 

2014-08-15 16:04 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

 

2014-08-15 16:03 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

 

2014-08-15 16:03 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

 

2014-08-15 16:03 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

 

2014-08-15 16:03 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

 

2014-08-15 16:03 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

 

2014-08-15 16:03 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

 

2014-08-15 16:03 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

 

2014-08-15 16:03 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

 

2014-08-15 16:03 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

 

2014-08-15 16:03 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

 

2014-08-15 16:03 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

 

2014-08-15 16:03 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

 

2014-08-15 16:03 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

 

2014-08-15 16:03 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

 

2014-08-15 16:03 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

 

2014-08-15 16:03 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

 

2014-08-15 16:03 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

 

2014-08-15 16:03 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

 

2014-08-15 16:03 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

 

2014-08-15 16:03 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

 

2014-08-15 16:03 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

 

2014-08-15 16:03 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

 

2014-08-15 16:03 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

 

2014-08-15 16:03 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

 

2014-08-15 16:03 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

 

2014-08-15 16:03 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

 

2014-08-15 16:03 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

 

2014-08-15 16:03 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

 

2014-08-15 16:03 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

 

2014-08-15 16:03 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

 

2014-08-15 16:03 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

 

2014-08-15 16:03 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

 

2014-08-15 16:03 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

 

2014-08-15 16:03 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

 

2014-08-15 16:03 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

 

2014-08-15 16:03 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

 

2014-08-15 16:03 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

 

2014-08-15 16:03 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

 

2014-08-15 16:03 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

 

2014-08-15 16:03 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

 

2014-08-15 16:03 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

 

2014-08-15 16:03 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

 

2014-08-15 16:03 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

 

2014-08-15 16:03 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

 

2014-08-15 16:03 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

 

2014-08-15 16:03 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

 

2014-08-15 16:03 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

 

2014-08-15 16:03 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

 

2014-08-15 16:03 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

 

2014-08-15 16:03 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

 

2014-08-15 16:03 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

 

2014-08-15 16:03 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

 

2014-08-15 16:03 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

 

2014-08-15 16:03 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

 

2014-08-15 16:03 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

 

2014-08-15 16:03 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

 

2014-08-15 16:03 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

 

2014-08-15 16:03 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

 

2014-08-15 16:03 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

 

2014-08-15 16:01 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

 

2014-08-15 16:01 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

 

2014-08-15 16:01 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

 

2014-08-15 16:01 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

 

2014-08-14 16:37 - 2014-08-29 14:27 - 00001201 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

 

2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\Users\Nadja\AppData\Local\VS Revo Group

 

2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\VS Revo Group

 

2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

 

2014-08-14 16:36 - 2014-08-14 16:36 - 00000000 ____D () C:\Program Files\VS Revo Group

 

2014-08-14 16:36 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

 

2014-08-14 16:32 - 2014-08-29 15:29 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

 

2014-08-14 16:32 - 2014-08-29 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

 

2014-08-14 16:32 - 2014-08-29 15:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

 

2014-08-14 16:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

 

2014-08-14 16:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

 

2014-08-14 16:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

 

2014-08-14 11:40 - 2014-08-14 11:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

 

2014-08-14 11:40 - 2014-08-14 11:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

 

2014-08-14 11:40 - 2014-08-14 11:40 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

 

2014-08-12 14:47 - 2014-08-12 14:47 - 00766464 _____ ( ) C:\Users\Nadja\Downloads\google-toolbar_setup.exe

 

 

==================== One Month Modified Files and Folders =======

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2014-08-31 12:20 - 2014-08-31 12:20 - 00000000 ____D () C:\FRST

 

2014-08-31 12:16 - 2012-06-25 21:03 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

 

2014-08-31 12:14 - 2009-07-13 22:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI

 

2014-08-31 12:11 - 2013-10-23 20:35 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6B05B0FB-5A26-4071-A533-5A38048D1655}

 

2014-08-31 12:11 - 2013-04-12 12:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

 

2014-08-31 12:11 - 2012-12-26 01:02 - 01791417 _____ () C:\FaceProv.log

 

2014-08-31 12:11 - 2012-06-25 21:03 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

 

2014-08-31 12:11 - 2012-06-25 20:47 - 00000000 ____D () C:\ProgramData\VeriFace

 

2014-08-31 12:11 - 2012-06-25 20:12 - 01870792 _____ () C:\Windows\WindowsUpdate.log

 

2014-08-30 12:58 - 2014-08-29 12:29 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job

 

2014-08-30 12:41 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

 

2014-08-30 12:41 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

 

2014-08-30 12:36 - 2014-08-30 12:36 - 00002980 _____ () C:\Windows\System32\Tasks\{1EF97660-6949-4441-9D3B-6816692B62EA}

 

2014-08-30 12:34 - 2012-12-26 01:03 - 00000000 ____D () C:\Users\Nadja

 

2014-08-30 12:34 - 2012-06-25 21:07 - 00480208 _____ () C:\Windows\system32\fastboot.set

 

2014-08-30 12:33 - 2014-08-30 12:33 - 00000056 _____ () C:\Windows\setupact.log

 

2014-08-30 12:33 - 2014-08-30 12:33 - 00000000 _____ () C:\Windows\setuperr.log

 

2014-08-30 12:33 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

 

2014-08-30 12:33 - 2009-07-13 21:45 - 00263640 _____ () C:\Windows\system32\FNTCACHE.DAT

 

2014-08-30 12:32 - 2014-08-30 12:32 - 00001088 _____ () C:\Windows\PFRO.log

 

2014-08-30 12:07 - 2014-08-29 15:20 - 00000000 ____D () C:\Users\Nadja\AppData\Local\SearchProtect

 

2014-08-29 15:29 - 2014-08-14 16:32 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

 

2014-08-29 15:29 - 2014-08-14 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

 

2014-08-29 15:29 - 2014-08-14 16:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

 

2014-08-29 15:28 - 2014-08-29 15:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadja\Downloads\mbam-setup-2.0.2.1012.exe

 

2014-08-29 15:05 - 2014-08-29 12:29 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job

 

2014-08-29 15:05 - 2013-05-12 14:55 - 00000000 ____D () C:\Users\Nadja\AppData\Local\Unity
2014-08-29 14:53 - 2014-08-29 12:29 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-08-29 14:46 - 2014-08-29 14:46 - 00002010 _____ () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00001980 _____ () C:\Users\Nadja\Desktop\Update Checker.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-08-29 14:42 - 2013-08-01 11:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-29 14:27 - 2014-08-14 16:37 - 00001201 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-08-29 14:21 - 2014-08-29 13:11 - 00000485 _____ () C:\DelFix.txt
2014-08-29 13:11 - 2014-08-26 18:21 - 00000000 ____D () C:\Windows\ERUNT
2014-08-29 12:58 - 2014-08-29 12:29 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-08-29 12:58 - 2014-08-29 12:29 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-08-29 12:58 - 2014-08-29 12:29 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-08-29 12:31 - 2014-08-29 12:29 - 00000316 _____ () C:\Users\Nadja\AppData\Roaming\aps.uninstall.scan.results
2014-08-29 12:27 - 2014-08-29 12:27 - 00631680 _____ (ClickMeIn Limited) C:\Users\Nadja\AppData\Local\nsv93E1.tmp
2014-08-27 09:13 - 2014-08-27 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2014-08-27 09:12 - 2014-08-27 09:12 - 00000000 ____D () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2014-08-27 09:11 - 2014-08-27 09:11 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-27 08:58 - 2014-08-27 08:56 - 00000229 _____ () C:\Users\Nadja\BullseyeCoverageError.txt
2014-08-27 08:57 - 2013-05-12 14:54 - 00000000 ____D () C:\Users\Nadja\AppData\Local\Deployment
2014-08-24 23:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-22 19:07 - 2014-08-29 12:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-29 12:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-29 12:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{F1939288-DC1F-43FB-9588-21D569DB0030}
2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{0713F309-3C4C-48D5-8B62-E925BBA78894}
2014-08-21 18:53 - 2014-08-21 18:53 - 00002980 _____ () C:\Windows\System32\Tasks\{C878813E-F3A3-466E-B5DA-862B70D9DFDA}
2014-08-21 18:51 - 2014-08-21 18:51 - 00002980 _____ () C:\Windows\System32\Tasks\{C6371E4D-85A0-44D9-B408-7269DD9FE646}
2014-08-21 18:50 - 2014-08-21 18:50 - 00002980 _____ () C:\Windows\System32\Tasks\{4348E318-D244-4355-98DA-7334323C6ABE}
2014-08-20 15:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-20 14:48 - 2013-04-12 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-19 17:47 - 2014-08-19 17:47 - 00000898 _____ () C:\Users\Nadja\Documents\Downloads.lnk
2014-08-19 17:43 - 2014-05-07 23:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-19 17:12 - 2013-09-21 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-19 17:07 - 2014-06-15 11:36 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-19 17:06 - 2013-09-21 19:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 11:58 - 2013-05-07 14:16 - 00000000 ____D () C:\Users\Nadja\AppData\Local\CRE
2014-08-15 11:11 - 2012-12-27 23:24 - 00000000 ____D () C:\Users\Nadja\AppData\Local\Google
2014-08-14 16:58 - 2012-06-25 21:03 - 00000000 ____D () C:\ProgramData\Google
2014-08-14 16:58 - 2012-06-25 21:03 - 00000000 ____D () C:\Program Files\Google
2014-08-14 16:58 - 2012-06-25 21:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\Users\Nadja\AppData\Local\VS Revo Group
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-08-14 16:36 - 2014-08-14 16:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-14 11:40 - 2014-08-14 11:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-14 11:40 - 2014-08-14 11:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-14 11:40 - 2014-08-14 11:40 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-14 11:40 - 2014-02-12 19:32 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-14 11:40 - 2013-04-12 12:43 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-12 14:47 - 2014-08-12 14:47 - 00766464 _____ ( ) C:\Users\Nadja\Downloads\google-toolbar_setup.exe
2014-08-12 14:25 - 2014-01-11 13:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-12 14:25 - 2014-01-11 13:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-12 14:19 - 2014-02-12 19:23 - 00000000 ____D () C:\Users\Nadja\AppData\Roaming\SoftGrid Client
2014-08-12 08:41 - 2009-07-13 19:34 - 00000529 _____ () C:\Windows\win.ini
2014-08-12 03:10 - 2014-01-11 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-06 19:06 - 2014-08-15 16:01 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-15 16:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

 

 

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-27 08:53


#5
islandcat

  • Topic Starter
  • Member
  • 239 posts

OTL Extras logfile created on: 31/08/2014 6:38:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadja\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.60 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 59.55% Memory free
7.20 Gb Paging File | 5.38 Gb Available in Paging File | 74.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252.89 Gb Total Space | 214.24 Gb Free Space | 84.71% Space Free | Partition Type: NTFS
Drive D: | 25.47 Gb Total Space | 10.66 Gb Free Space | 41.87% Space Free | Partition Type: NTFS
Drive F: | 6.45 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: NADJA-PC | User Name: Nadja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066C81FC-CADA-440F-8FFB-5013D6B9A120}" = rport=138 | protocol=17 | dir=out | app=system |
"{10A5F925-26F9-4F1D-BFE3-1D50454B5584}" = lport=445 | protocol=6 | dir=in | app=system |
"{147EC636-4FAD-40E1-B0F0-31AE78A7F537}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1773AA73-9008-4C52-8AE1-3F8F32E528DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{1AAFF528-F753-4371-B8FD-6705A876528D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28F54E42-9DC1-40CA-B3EF-CDBD3AE33218}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2C26DDCC-D347-49D4-8E89-E48D24E028AA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3403B6E2-C06D-4AAA-B5F4-CEA823ADB348}" = rport=139 | protocol=6 | dir=out | app=system |
"{41A9D19E-63EE-492A-963F-D50975AA7935}" = lport=138 | protocol=17 | dir=in | app=system |
"{4632999F-38B8-4EE4-957E-13E3E797FA06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4D6082D8-2DAB-444F-8C37-343EB7E742D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FFA0C0C-2246-4760-87D7-CB341A9135CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7B4D6CCB-FDCE-40F1-8B19-16C16FA59DEB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{835685C5-A494-4E6B-B9F8-5A22C4220D3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D9C1DE2-276F-4C06-8531-49C4B308F585}" = lport=137 | protocol=17 | dir=in | app=system |
"{A14395DA-6BFA-4CCF-9771-F7AEDB63A23D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1FD607C-A82C-4CE9-893C-255709D19CC7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9E8B066-6EAB-4612-BABC-B0F5249619EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{C5C23E3D-7887-4243-AECC-AECD1FB133F8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{D7000426-A000-4EC9-8694-5D7FB9E8ACC0}" = lport=139 | protocol=6 | dir=in | app=system |
"{D8F20EF3-EDB0-402E-8497-A4944CB6B89A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFDCED33-FCE9-4286-A24C-5CEEDE89092F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E16ADC99-3E62-4F32-822A-3803F3961B2D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F7DEB314-0D7F-4356-8612-9825ECF6040B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108265CB-0A53-43AF-9BC7-58C878D522A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1C4EE3EE-52A9-4680-ADDA-36ADDACD501D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{356F0B1D-9052-48ED-AECC-DEEABF11B855}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3C26916F-0690-490C-8432-36E9F8BFFA09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4687034D-FD4B-4C4E-A821-0FAAA242B8B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5301987A-3669-4B80-AE12-72CD7930C826}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{64334253-8218-429F-9755-0815CCBA989D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6CB211D2-B415-46B1-BB88-1CB7AD50EB22}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78A629F1-CBB4-4979-AC76-C7EB6136A60D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8825BDC8-50E1-45E8-AA82-4ED72EB77BA3}" = protocol=6 | dir=out | app=system |
"{9E75E3A2-0D80-4635-BF73-FBB536D51DF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4802DFE-B9CF-4266-A7D5-395739CE932A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A7912785-CA2A-4839-8430-D76F4B731840}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B0447B52-4DB8-47F8-9C63-919A53C37064}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B49B0E08-69AB-4968-85F1-547A2E946ECB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7485712-29DD-4E46-922E-3CB45D914F44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDB113CF-A77A-47D2-A046-FE3E4902BC9A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CFFB6950-58BF-423D-A289-59354F5C2E84}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D115406D-CA18-4643-8B52-277771CAF8DB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2DADC88-4E5F-45D7-A869-F03A72E6B472}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6E9363D-18CA-4BAE-ABC3-F3C5D6BAFFCA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E93FF0DA-64ED-4C73-8B19-12CD836A84F5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ED710512-4178-4344-A3DF-E638C3D93F0B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FC9B165D-95A0-4D74-AAEA-44748C2B9B29}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{71CE3EA7-7F86-9C09-9E2D-F280FD66DAB5}" = AMD Catalyst Install Manager
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{83558A1B-6401-4F43-1167-A7C3C6B8481C}" = AMD Fuel
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87EF9553-DBAB-8017-EECE-AB632CA6BE5C}" = AMD AVIVO64 Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{D6B5D74E-9895-4B6C-7BE3-13DEF6F8482B}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02732E1-2A4F-A9EF-BA7A-247DE51D1357}" = AMD Media Foundation Decoders
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0398090D-9539-A2BB-89AF-C78292FDD100}" = CCC Help English
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCB196F-838B-099B-DAF9-D895F47D1169}" = CCC Help French
"{10617854-88B2-BB05-D763-44DE4ECBE52D}" = CCC Help German
"{13DFBB9D-B02A-D176-72EF-0BE8C0E344F3}" = CCC Help Hungarian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{319F9E73-E40C-14CB-94A6-8E58DD18E683}" = CCC Help Turkish
"{31D696FB-AA4B-F81D-8851-74D1359E1799}" = CCC Help Greek
"{3270ADD1-4DED-ECA5-3AE1-FB6B12F2A167}" = CCC Help Polish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A1DFF-5AB1-7DF4-723A-7044DBD5252A}" = CCC Help Chinese Traditional
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{4033C622-B359-43B7-8BBE-9448B95FAE47}" = Catalyst Control Center - Branding
"{45A8BDA1-3CB1-8189-D281-5C741417E68F}" = CCC Help Russian
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4B4DB3EA-FC9D-6915-A58A-BB214CF6CE8E}" = CCC Help Thai
"{51838B1D-A84E-A939-5C81-75C7ED1ED23D}" = CCC Help Japanese
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{6165AAAB-F6A7-F3E2-71F4-ED4539FA963D}" = CCC Help Finnish
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EBAD305-38BF-B090-1698-52567129707C}" = CCC Help Dutch
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8AE8D405-EE01-62FF-300B-2BCEDF39A2F5}" = CCC Help Portuguese
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94EC19B3-85F0-BA63-3333-FED0EB2C2346}" = AMD VISION Engine Control Center
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FE73119-F35A-51F7-C6EB-5BC1A59C6342}" = Catalyst Control Center InstallProxy
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1888A6B-077E-44FE-5261-D88FD5E2ED98}" = CCC Help Italian
"{A5CD312F-0FA0-7205-0576-220C552A5C5B}" = CCC Help Korean
"{A6763955-1785-517C-E051-A1F1E9BEFB87}" = Catalyst Control Center Profiles Mobile
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{AFE5D988-1C04-29DC-D992-66CECC6BDF11}" = CCC Help Spanish
"{B641BFD0-A114-2D4D-6429-01F0F7396ED7}" = CCC Help Danish
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C91BA8BE-C12B-71CA-AB0D-4260BD55D6BB}" = Catalyst Control Center Graphics Previews Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D027CF57-0205-CCD4-40E7-E8A57C047903}" = CCC Help Norwegian
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D94EA359-4C2D-DFDF-EA2E-6C8FE818D186}" = CCC Help Swedish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F329C3CE-81FE-EE21-6684-4629C59689DB}" = CCC Help Chinese Standard
"{F4317B17-8BA1-B046-E301-436275BBF621}" = Catalyst Control Center Localization All
"{F75137CD-5051-34F4-1217-F0B98A75D188}" = CCC Help Czech
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"avast" = avast! Free Antivirus
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"inethnfd" = OffersWizard Network System Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30/08/2014 3:34:41 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 9002
Description =
 
Error - 30/08/2014 3:34:41 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3028
Description =
 
Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 3058
Description =
 
Error - 30/08/2014 3:34:43 PM | Computer Name = Nadja-PC | Source = Windows Search Service | ID = 7010
Description =
 
Error - 30/08/2014 3:34:45 PM | Computer Name = Nadja-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 30/08/2014 3:37:28 PM | Computer Name = Nadja-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0xbe0  Faulting application start time: 0x01cfc489d1159d4a  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 12c3f3e0-307d-11e4-9cf7-dc0ea1f9c595
 
Error - 30/08/2014 3:39:09 PM | Computer Name = Nadja-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0x1098  Faulting application start time: 0x01cfc48a10a7be0f  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 4f10e294-307d-11e4-9cf7-dc0ea1f9c595
 
Error - 30/08/2014 3:39:25 PM | Computer Name = Nadja-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0xa10  Faulting application start time: 0x01cfc48a1a8a961d  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 58a53cb7-307d-11e4-9cf7-dc0ea1f9c595
 
[ System Events ]
Error - 29/08/2014 5:17:00 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 29/08/2014 6:05:54 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
   %%2
 
Error - 29/08/2014 6:06:06 PM | Computer Name = Nadja-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = The processing of Group Policy failed. Windows could not apply the
 registry-based policy settings for the Group Policy object LocalGPO. Group Policy
 settings will not be resolved until this event is resolved. View the event details
 for more information on the file name and path that caused the failure.
 
Error - 29/08/2014 6:09:45 PM | Computer Name = Nadja-PC | Source = DCOM | ID = 10010
Description =
 
Error - 30/08/2014 3:07:37 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Wlansvc service.
 
Error - 30/08/2014 3:33:56 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
   %%2
 
Error - 30/08/2014 3:33:58 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7000
Description = The Search Protect Service service failed to start due to the following
 error:   %%2
 
Error - 30/08/2014 3:34:25 PM | Computer Name = Nadja-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = The processing of Group Policy failed. Windows could not apply the
 registry-based policy settings for the Group Policy object LocalGPO. Group Policy
 settings will not be resolved until this event is resolved. View the event details
 for more information on the file name and path that caused the failure.
 
Error - 30/08/2014 3:34:46 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.
 
Error - 30/08/2014 3:34:47 PM | Computer Name = Nadja-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
 
< End of report >
 



#6
Machiavelli

  • GeekU Moderator
  • 3,698 posts

Are you reading my instructions?



#7
islandcat

  • Topic Starter
  • Member
  • 239 posts

Yes, and I just realized I sent you the wrong reports. Sorry, I will get rid of OTL and send what you asked.



#8
islandcat

  • Topic Starter
  • Member
  • 239 posts

Please ignore previous scans.

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Nadja (administrator) on NADJA-PC on 03-09-2014 11:44:16
Running from C:\Users\Nadja\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2012-06-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2012-06-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-06-25] (Lenovo)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-06-25] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)
HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-14] (Google Inc.)
HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-14] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-14] (Client Connect LTD)
Startup: C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidMediaConverterApp.lnk
ShortcutTarget: RapidMediaConverterApp.lnk -> C:\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...D6D299E73&SSPV=
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nadja\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-12]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=MAD3D6DE6-6671-4C55-BCF4-FB4CB52CBC8E&SearchSource=55&CUI=&UM=6&UP=SP228671FD-466C-41FC-86D3-826D6D299E73&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=MAD3D6DE6-6671-4C55-BCF4-FB4CB52CBC8E&SearchSource=55&CUI=&UM=6&UP=SP228671FD-466C-41FC-86D3-826D6D299E73&SSPV="
CHR Profile: C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-21]
CHR Extension: (avast! Online Security) - C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-21]
CHR Extension: (Boost) - C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn [2014-08-27]
CHR Extension: (Google Wallet) - C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 11:44 - 2014-09-03 11:44 - 00015629 _____ () C:\Users\Nadja\Downloads\FRST.txt
2014-09-03 11:43 - 2014-09-03 11:44 - 02104832 _____ (Farbar) C:\Users\Nadja\Downloads\FRST64.exe
2014-09-02 12:19 - 2014-09-02 12:19 - 00000000 ____D () C:\Users\Nadja\Documents\Youcam
2014-09-01 20:40 - 2014-09-01 20:40 - 00055822 _____ () C:\Users\Nadja\Documents\Extras.Txt
2014-08-31 18:53 - 2014-08-31 22:40 - 00086174 _____ () C:\Users\Nadja\Downloads\OTL.Txt
2014-08-31 18:53 - 2014-08-31 18:53 - 00055822 _____ () C:\Users\Nadja\Downloads\Extras.Txt
2014-08-31 18:37 - 2014-08-31 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Nadja\Downloads\OTL.exe
2014-08-31 13:15 - 2014-08-31 13:15 - 00041571 _____ () C:\Users\Nadja\Documents\FRST.txt
2014-08-31 12:20 - 2014-09-03 11:44 - 00000000 ____D () C:\FRST
2014-08-30 12:36 - 2014-08-30 12:36 - 00002980 _____ () C:\Windows\System32\Tasks\{1EF97660-6949-4441-9D3B-6816692B62EA}
2014-08-30 12:33 - 2014-08-30 12:33 - 00000056 _____ () C:\Windows\setupact.log
2014-08-30 12:33 - 2014-08-30 12:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 12:32 - 2014-08-30 12:32 - 00001088 _____ () C:\Windows\PFRO.log
2014-08-29 15:27 - 2014-08-29 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadja\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-29 15:20 - 2014-08-30 12:07 - 00000000 ____D () C:\Users\Nadja\AppData\Local\SearchProtect
2014-08-29 14:46 - 2014-08-29 14:46 - 00002010 _____ () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00001980 _____ () C:\Users\Nadja\Desktop\Update Checker.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-08-29 13:11 - 2014-08-29 14:21 - 00000485 _____ () C:\DelFix.txt
2014-08-29 12:29 - 2014-08-30 12:58 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-08-29 12:29 - 2014-08-29 15:05 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-08-29 12:29 - 2014-08-29 14:53 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-08-29 12:29 - 2014-08-29 12:58 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-08-29 12:29 - 2014-08-29 12:58 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-08-29 12:29 - 2014-08-29 12:58 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-08-29 12:29 - 2014-08-29 12:31 - 00000316 _____ () C:\Users\Nadja\AppData\Roaming\aps.uninstall.scan.results
2014-08-29 12:27 - 2014-08-29 12:27 - 00631680 _____ (ClickMeIn Limited) C:\Users\Nadja\AppData\Local\nsv93E1.tmp
2014-08-29 12:17 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 12:17 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 12:17 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 09:13 - 2014-08-27 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2014-08-27 09:12 - 2014-08-27 09:12 - 00000000 ____D () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2014-08-27 09:11 - 2014-08-27 09:11 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-27 08:56 - 2014-08-27 08:58 - 00000229 _____ () C:\Users\Nadja\BullseyeCoverageError.txt
2014-08-26 18:21 - 2014-08-29 13:11 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 22:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{F1939288-DC1F-43FB-9588-21D569DB0030}
2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{0713F309-3C4C-48D5-8B62-E925BBA78894}
2014-08-21 18:53 - 2014-08-21 18:53 - 00002980 _____ () C:\Windows\System32\Tasks\{C878813E-F3A3-466E-B5DA-862B70D9DFDA}
2014-08-21 18:51 - 2014-08-21 18:51 - 00002980 _____ () C:\Windows\System32\Tasks\{C6371E4D-85A0-44D9-B408-7269DD9FE646}
2014-08-21 18:50 - 2014-08-21 18:50 - 00002980 _____ () C:\Windows\System32\Tasks\{4348E318-D244-4355-98DA-7334323C6ABE}
2014-08-19 17:47 - 2014-08-19 17:47 - 00000898 _____ () C:\Users\Nadja\Documents\Downloads.lnk
2014-08-19 16:51 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-19 16:51 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-19 16:51 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-19 16:51 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-19 16:51 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-19 16:51 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-19 16:50 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-19 16:50 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:04 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 16:04 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 16:04 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 16:04 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 16:04 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 16:04 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 16:04 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 16:04 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 16:04 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 16:04 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 16:04 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:04 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:04 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:04 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:04 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 16:04 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 16:04 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 16:03 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:03 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 16:03 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:03 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:03 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:03 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 16:03 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:03 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:03 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:03 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:03 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:03 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:03 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:03 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 16:03 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:03 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:03 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:03 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:03 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 16:03 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:03 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 16:03 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 16:03 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 16:03 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 16:03 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:03 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:03 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 16:03 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:03 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 16:03 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:03 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 16:03 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 16:03 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:03 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 16:03 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 16:03 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 16:03 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 16:03 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:03 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:03 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:03 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:03 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 16:03 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 16:03 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 16:03 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 16:03 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:03 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 16:03 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 16:03 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 16:03 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 16:03 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:03 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:03 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:03 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 16:03 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 16:03 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 16:03 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 16:03 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 16:03 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:01 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:01 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:01 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:01 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 16:37 - 2014-08-29 14:27 - 00001201 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\Users\Nadja\AppData\Local\VS Revo Group
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-08-14 16:36 - 2014-08-14 16:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-14 16:36 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-08-14 16:32 - 2014-08-29 15:29 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-14 16:32 - 2014-08-29 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-14 16:32 - 2014-08-29 15:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-14 16:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 16:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 16:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 11:40 - 2014-08-14 11:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-14 11:40 - 2014-08-14 11:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-14 11:40 - 2014-08-14 11:40 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-12 14:47 - 2014-08-12 14:47 - 00766464 _____ ( ) C:\Users\Nadja\Downloads\google-toolbar_setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 11:44 - 2014-09-03 11:44 - 00015629 _____ () C:\Users\Nadja\Downloads\FRST.txt
2014-09-03 11:44 - 2014-09-03 11:43 - 02104832 _____ (Farbar) C:\Users\Nadja\Downloads\FRST64.exe
2014-09-03 11:44 - 2014-08-31 12:20 - 00000000 ____D () C:\FRST
2014-09-03 11:44 - 2009-07-13 22:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-03 11:43 - 2012-06-25 21:03 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 11:42 - 2013-10-23 20:35 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6B05B0FB-5A26-4071-A533-5A38048D1655}
2014-09-03 11:42 - 2013-04-12 12:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-03 11:42 - 2012-12-26 01:02 - 01802141 _____ () C:\FaceProv.log
2014-09-03 11:42 - 2012-06-25 20:47 - 00000000 ____D () C:\ProgramData\VeriFace
2014-09-03 06:31 - 2012-06-25 21:03 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 06:18 - 2012-06-25 20:12 - 01985175 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 12:19 - 2014-09-02 12:19 - 00000000 ____D () C:\Users\Nadja\Documents\Youcam
2014-09-01 20:40 - 2014-09-01 20:40 - 00055822 _____ () C:\Users\Nadja\Documents\Extras.Txt
2014-08-31 22:40 - 2014-08-31 18:53 - 00086174 _____ () C:\Users\Nadja\Downloads\OTL.Txt
2014-08-31 18:53 - 2014-08-31 18:53 - 00055822 _____ () C:\Users\Nadja\Downloads\Extras.Txt
2014-08-31 18:37 - 2014-08-31 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Nadja\Downloads\OTL.exe
2014-08-31 13:15 - 2014-08-31 13:15 - 00041571 _____ () C:\Users\Nadja\Documents\FRST.txt
2014-08-30 12:58 - 2014-08-29 12:29 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-08-30 12:41 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-30 12:41 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-30 12:36 - 2014-08-30 12:36 - 00002980 _____ () C:\Windows\System32\Tasks\{1EF97660-6949-4441-9D3B-6816692B62EA}
2014-08-30 12:34 - 2012-12-26 01:03 - 00000000 ____D () C:\Users\Nadja
2014-08-30 12:34 - 2012-06-25 21:07 - 00480208 _____ () C:\Windows\system32\fastboot.set
2014-08-30 12:33 - 2014-08-30 12:33 - 00000056 _____ () C:\Windows\setupact.log
2014-08-30 12:33 - 2014-08-30 12:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 12:33 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 12:33 - 2009-07-13 21:45 - 00263640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 12:32 - 2014-08-30 12:32 - 00001088 _____ () C:\Windows\PFRO.log
2014-08-30 12:07 - 2014-08-29 15:20 - 00000000 ____D () C:\Users\Nadja\AppData\Local\SearchProtect
2014-08-29 15:29 - 2014-08-14 16:32 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-29 15:29 - 2014-08-14 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-29 15:29 - 2014-08-14 16:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-29 15:28 - 2014-08-29 15:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadja\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-29 15:05 - 2014-08-29 12:29 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-08-29 15:05 - 2013-05-12 14:55 - 00000000 ____D () C:\Users\Nadja\AppData\Local\Unity
2014-08-29 14:53 - 2014-08-29 12:29 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-08-29 14:46 - 2014-08-29 14:46 - 00002010 _____ () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00001980 _____ () C:\Users\Nadja\Desktop\Update Checker.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-08-29 14:42 - 2013-08-01 11:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-29 14:27 - 2014-08-14 16:37 - 00001201 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-08-29 14:21 - 2014-08-29 13:11 - 00000485 _____ () C:\DelFix.txt
2014-08-29 13:11 - 2014-08-26 18:21 - 00000000 ____D () C:\Windows\ERUNT
2014-08-29 12:58 - 2014-08-29 12:29 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-08-29 12:58 - 2014-08-29 12:29 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-08-29 12:58 - 2014-08-29 12:29 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-08-29 12:31 - 2014-08-29 12:29 - 00000316 _____ () C:\Users\Nadja\AppData\Roaming\aps.uninstall.scan.results
2014-08-29 12:27 - 2014-08-29 12:27 - 00631680 _____ (ClickMeIn Limited) C:\Users\Nadja\AppData\Local\nsv93E1.tmp
2014-08-27 09:13 - 2014-08-27 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2014-08-27 09:12 - 2014-08-27 09:12 - 00000000 ____D () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2014-08-27 09:11 - 2014-08-27 09:11 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-27 08:58 - 2014-08-27 08:56 - 00000229 _____ () C:\Users\Nadja\BullseyeCoverageError.txt
2014-08-27 08:57 - 2013-05-12 14:54 - 00000000 ____D () C:\Users\Nadja\AppData\Local\Deployment
2014-08-24 23:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-22 19:07 - 2014-08-29 12:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-29 12:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-29 12:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{F1939288-DC1F-43FB-9588-21D569DB0030}
2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{0713F309-3C4C-48D5-8B62-E925BBA78894}
2014-08-21 18:53 - 2014-08-21 18:53 - 00002980 _____ () C:\Windows\System32\Tasks\{C878813E-F3A3-466E-B5DA-862B70D9DFDA}
2014-08-21 18:51 - 2014-08-21 18:51 - 00002980 _____ () C:\Windows\System32\Tasks\{C6371E4D-85A0-44D9-B408-7269DD9FE646}
2014-08-21 18:50 - 2014-08-21 18:50 - 00002980 _____ () C:\Windows\System32\Tasks\{4348E318-D244-4355-98DA-7334323C6ABE}
2014-08-20 15:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-20 14:48 - 2013-04-12 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-19 17:47 - 2014-08-19 17:47 - 00000898 _____ () C:\Users\Nadja\Documents\Downloads.lnk
2014-08-19 17:43 - 2014-05-07 23:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-19 17:12 - 2013-09-21 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-19 17:07 - 2014-06-15 11:36 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-19 17:06 - 2013-09-21 19:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 11:58 - 2013-05-07 14:16 - 00000000 ____D () C:\Users\Nadja\AppData\Local\CRE
2014-08-15 11:11 - 2012-12-27 23:24 - 00000000 ____D () C:\Users\Nadja\AppData\Local\Google
2014-08-14 16:58 - 2012-06-25 21:03 - 00000000 ____D () C:\ProgramData\Google
2014-08-14 16:58 - 2012-06-25 21:03 - 00000000 ____D () C:\Program Files\Google
2014-08-14 16:58 - 2012-06-25 21:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\Users\Nadja\AppData\Local\VS Revo Group
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-08-14 16:36 - 2014-08-14 16:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-14 11:40 - 2014-08-14 11:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-14 11:40 - 2014-08-14 11:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-14 11:40 - 2014-08-14 11:40 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-14 11:40 - 2014-02-12 19:32 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-14 11:40 - 2013-04-12 12:43 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-12 14:47 - 2014-08-12 14:47 - 00766464 _____ ( ) C:\Users\Nadja\Downloads\google-toolbar_setup.exe
2014-08-12 14:25 - 2014-01-11 13:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-12 14:25 - 2014-01-11 13:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-12 14:19 - 2014-02-12 19:23 - 00000000 ____D () C:\Users\Nadja\AppData\Roaming\SoftGrid Client
2014-08-12 08:41 - 2009-07-13 19:34 - 00000529 _____ () C:\Windows\win.ini
2014-08-12 03:10 - 2014-01-11 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-06 19:06 - 2014-08-15 16:01 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-15 16:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-27 08:53

==================== End Of Log ============================


#9
islandcat

  • Topic Starter
  • Member
  • 239 posts

FRST scan addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Nadja at 2014-09-03 11:48:40
Running from C:\Users\Nadja\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.851.4 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.1.0.20321 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{71CE3EA7-7F86-9C09-9E2D-F280FD66DAB5}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70321.2226 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.34.0 - Conexant)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.3 - Lenovo)
Energy Management (x32 Version: 7.0.3.3 - Lenovo) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.204.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 10.4.2.8 - ELAN Microelectronic Corp.)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LockKey (HKLM-x32\...\InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}) (Version: 1.38.1.2 - Lenovo)
LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
OffersWizard Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39016 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

29-08-2014 21:20:23 End of disinfection
29-08-2014 21:29:33 Revo Uninstaller Pro's restore point - Java 7 Update 55
29-08-2014 21:30:40 Removed Java 7 Update 55
29-08-2014 21:52:43 Revo Uninstaller Pro's restore point - AnyProtect
29-08-2014 21:55:08 Revo Uninstaller Pro's restore point - Boost for Internet Explorer
29-08-2014 21:58:46 Revo Uninstaller Pro's restore point - RapidMediaConverter
29-08-2014 22:01:03 Revo Uninstaller Pro's restore point - Remote Desktop Access (VuuPC)
29-08-2014 22:13:23 Revo Uninstaller Pro's restore point - Adobe Flash Player 14 ActiveX
29-08-2014 22:16:02 Revo Uninstaller Pro's restore point - Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
29-08-2014 22:16:37 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
29-08-2014 22:18:10 Revo Uninstaller Pro's restore point - Search Protect
30-08-2014 19:07:48 Windows Update
01-09-2014 02:00:35 Windows Backup
02-09-2014 23:13:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F9EBB7D-8D34-4C5C-BC42-2DFA88275CBD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {14F4D0F0-5645-4CE1-947A-368CB91B5FAD} - System32\Tasks\{4348E318-D244-4355-98DA-7334323C6ABE} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-05-12] (Malwarebytes Corporation)
Task: {19F52C4E-1DDF-4A8C-8386-26AADDB5B2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: {405B6F54-E49C-469F-B1BC-D984995FD7DA} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: {45B8B226-D9BE-4E54-AA8F-4D1D54F48EC9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software)
Task: {6E000423-767D-4A45-9E3C-FFF5824BAE36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {8BA53C00-9AE7-493E-BDF0-699EADEA146B} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8EB57BFF-484D-4580-B8FF-6BCAFB47F19A} - System32\Tasks\{0713F309-3C4C-48D5-8B62-E925BBA78894} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-05-12] (Malwarebytes Corporation)
Task: {A3D02FAA-C94E-44F5-ACA1-4A6D87A72BDB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AD11CCFA-98EE-41AB-86A1-D050EE686D7B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C08B67E0-2EF0-4BD5-9173-CC57429ED8EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: {CF33A5DF-A848-4C72-926B-6474003466CD} - System32\Tasks\{F1939288-DC1F-43FB-9588-21D569DB0030} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-05-12] (Malwarebytes Corporation)
Task: {D23B5BB3-0054-4CD9-B946-987CF778D6B8} - System32\Tasks\{1EF97660-6949-4441-9D3B-6816692B62EA} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-05-12] (Malwarebytes Corporation)
Task: {D9D8AE21-2923-457A-B64A-E899069DCF48} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DB45E8F2-5E59-4F07-A334-FF9429C341E6} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E4954C70-550B-4EF3-A7B7-48AD142ECB81} - System32\Tasks\{C6371E4D-85A0-44D9-B408-7269DD9FE646} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-05-12] (Malwarebytes Corporation)
Task: {F6E61165-F0FC-44FA-AC4F-B3D3F05425F4} - System32\Tasks\{C878813E-F3A3-466E-B5DA-862B70D9DFDA} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-05-12] (Malwarebytes Corporation)
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-21 22:30 - 2012-03-21 22:30 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-06-25 20:47 - 2012-06-25 20:47 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2008-12-20 03:20 - 2012-06-25 21:06 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-02-21 13:06 - 2012-06-25 21:06 - 01490944 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 03:20 - 2012-06-25 21:06 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-03-21 22:30 - 2012-03-21 22:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-21 22:09 - 2012-03-21 22:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-14 11:40 - 2014-08-14 11:40 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-30 12:08 - 2014-08-30 12:08 - 02805248 _____ () C:\Program Files\AVAST Software\Avast\defs\14083001\algo.dll
2014-09-03 06:19 - 2014-09-03 06:19 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\14090300\algo.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-25 20:47 - 2012-06-25 20:47 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-08-14 11:40 - 2014-08-14 11:40 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2014 00:00:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.2.183.21, time stamp: 0x4b95e661
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0xa80
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (08/31/2014 07:05:23 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).

Error: (08/30/2014 00:39:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xa10
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/30/2014 00:39:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1098
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/30/2014 00:37:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xbe0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/30/2014 00:34:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2014 00:34:43 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2014 00:34:43 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2014 00:34:43 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2014 00:34:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)

System errors:
=============
Error: (08/30/2014 00:34:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/30/2014 00:34:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (08/30/2014 00:34:25 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: Nadja-PC)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.

Error: (08/30/2014 00:33:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect Service service failed to start due to the following error:
%%2

Error: (08/30/2014 00:33:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bonjour Service service failed to start due to the following error:
%%2

Error: (08/30/2014 00:07:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (08/29/2014 03:09:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}

Error: (08/29/2014 03:06:06 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: Nadja-PC)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.

Error: (08/29/2014 03:05:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bonjour Service service failed to start due to the following error:
%%2

Error: (08/29/2014 02:17:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Microsoft Office Sessions:
=========================
Error: (09/02/2014 00:00:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.2.183.214b95e661ntdll.dll6.1.7601.18247521ea8e7c0000005000223e0a8001cfc6df2b2587c1C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll758b179c-32d3-11e4-9cf7-dc0ea1f9c595

Error: (08/31/2014 07:05:23 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough free space on the backup storage location to back up the data. (0x80780048)

Error: (08/30/2014 00:39:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fda1001cfc48a1a8a961dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll58a53cb7-307d-11e4-9cf7-dc0ea1f9c595

Error: (08/30/2014 00:39:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd109801cfc48a10a7be0fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll4f10e294-307d-11e4-9cf7-dc0ea1f9c595

Error: (08/30/2014 00:37:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdbe001cfc489d1159d4aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll12c3f3e0-307d-11e4-9cf7-dc0ea1f9c595

Error: (08/30/2014 00:34:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2014 00:34:43 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2014 00:34:43 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2014 00:34:43 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2014 00:34:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

CodeIntegrity Errors:
===================================
  Date: 2012-12-30 14:13:36.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\SETDA70.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-30 14:13:36.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\SETDA70.tmp because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 47%
Total physical RAM: 3689.37 MB
Available physical RAM: 1925.27 MB
Total Pagefile: 7376.91 MB
Available Pagefile: 5239.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:252.89 GB) (Free:213.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:10.6 GB) NTFS
Drive f: (DIARY_OF_A_WIMPY_KID_DOG_DAYS) (CDROM) (Total:6.45 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0C27766B)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=252.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End Of Log ============================



#10
Machiavelli

    GeekU Moderator

  • 3,698 posts

I have asked this in my first post: 

 

Please describe your problem.

 




#11
islandcat

    Member

  • Topic Starter
  • 239 posts

Sorry I was hit by V9.com and with help from here got rid of it. While cleaning up leftover files got hit with Trovi.com. That's why I posted OTL in the beginning.

 

Rather than attempt to try and get rid of it myself thought I would ask for professional help on here.


Edited by islandcat, 03 September 2014 - 11:19 PM.


#12
Machiavelli

    GeekU Moderator

  • 3,698 posts

Running from C:\Users\Nadja\Downloads

Please save all tools on your Desktop.

 
Part I: Warnings
 
 

  • Warning I

That isn't really a warning from me, but I noticed that you were helped several times over here. Maybe you should think about what you are downloading so that you don't get any malware etc. I will give you tips when we are finished with the malware removal.
 
Part II: Uninstalls

 

We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

OffersWizard Network System Driver

Additional instructions can be found here if needed.
 
 
Part III: Action
 
 
 
Step 1: FRST Fix
 
We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

Step 2: AdwCleaner
 
Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\
 
Step 3: Junkware Removal Tool

 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 
Step 4: FRST Scan

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

 
 
Part IV: Logs request
 
 
 
Next time I need to see the following logs:

  • FRST Log
  • Junkware Removal Tool log
  • AdwCleaner log
  • FRST fixlog

Please also tell me how your computer is running currently. If you have any issues please tell me which.


#13
islandcat

    Member

  • Topic Starter
  • 239 posts

1. FRST log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Nadja at 2014-09-04 14:22:57 Run:1
Running from C:\Users\Nadja\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-14] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-14] (Client Connect LTD)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...D6D299E73&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=MAD3D6DE6-6671-4C55-BCF4-FB4CB52CBC8E&SearchSource=55&CUI=&UM=6&UP=SP228671FD-466C-41FC-86D3-826D6D299E73&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=MAD3D6DE6-6671-4C55-BCF4-FB4CB52CBC8E&SearchSource=55&CUI=&UM=6&UP=SP228671FD-466C-41FC-86D3-826D6D299E73&SSPV="
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
2014-08-27 09:11 - 2014-08-27 09:11 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
Task: {8BA53C00-9AE7-493E-BDF0-699EADEA146B} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D9D8AE21-2923-457A-B64A-E899069DCF48} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DB45E8F2-5E59-4F07-A334-FF9429C341E6} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files (x86)\AnyProtectEx
*****************

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key not found.
Winsock: Catalog entry 000000000009 => Deleted successfully.
Winsock: Catalog entry 000000000009 => Deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
CltMngSvc => Service deleted successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BA53C00-9AE7-493E-BDF0-699EADEA146B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BA53C00-9AE7-493E-BDF0-699EADEA146B}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9D8AE21-2923-457A-B64A-E899069DCF48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9D8AE21-2923-457A-B64A-E899069DCF48}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB45E8F2-5E59-4F07-A334-FF9429C341E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB45E8F2-5E59-4F07-A334-FF9429C341E6}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.

==== End of Fixlog ====

#14
islandcat

    Member

  • Topic Starter
  • 239 posts

2.Junkware log
j~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Nadja on 04/09/2014 at 19:18:43.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 04/09/2014 at 19:42:29.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This doesn't seem right does it?

3. Adware log

# AdwCleaner v3.309 - Report created 04/09/2014 at 14:42:06
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nadja - NADJA-PC
# Running from : C:\Users\Nadja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WXFYEHY\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Nadja\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn
[!] Folder Deleted : C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn
File Deleted : C:\Users\Nadja\AppData\Roaming\aps.uninstall.scan.results

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=MAD3D6DE6-6671-4C55-BCF4-FB4CB52CBC8E&SearchSource=58&CUI=&UM=6&UP=SP228671FD-466C-41FC-86D3-826D6D299E73&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=MAD3D6DE6-6671-4C55-BCF4-FB4CB52CBC8E&SearchSource=55&CUI=&UM=6&UP=SP228671FD-466C-41FC-86D3-826D6D299E73&SSPV=
Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3321486&octid=EB_ORIGINAL_CTID&ISID=MAD3D6DE6-6671-4C55-BCF4-FB4CB52CBC8E&SearchSource=55&CUI=&UM=6&UP=SP228671FD-466C-41FC-86D3-826D6D299E73&SSPV=

*************************

AdwCleaner[R0].txt - [2352 octets] - [04/09/2014 14:39:27]
AdwCleaner[S0].txt - [2186 octets] - [04/09/2014 14:42:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2246 octets] ##########

4. FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Nadja (administrator) on NADJA-PC on 04-09-2014 20:11:31
Running from C:\Users\Nadja\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Thisisu) C:\Users\Nadja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUJLMAWV\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2012-06-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2012-06-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-06-25] (Lenovo)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-06-25] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)
HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-14] (Google Inc.)
HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1218720105-1143995056-975841209-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidMediaConverterApp.lnk
ShortcutTarget: RapidMediaConverterApp.lnk -> C:\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nadja\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-12]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-21]
CHR Extension: (avast! Online Security) - C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-21]
CHR Extension: (Google Wallet) - C:\Users\Nadja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 19:42 - 2014-09-04 19:42 - 00000625 _____ () C:\Users\Nadja\Desktop\JRT.txt
2014-09-04 15:09 - 2014-09-04 15:09 - 00001138 _____ () C:\Users\Nadja\Desktop\Fixlog - Shortcut.lnk
2014-09-04 14:37 - 2014-09-04 14:42 - 00000000 ____D () C:\AdwCleaner
2014-09-04 14:22 - 2014-09-04 14:22 - 00001147 _____ () C:\Users\Nadja\Desktop\FRSTfix - Shortcut.lnk
2014-09-04 14:22 - 2014-09-04 14:22 - 00001106 _____ () C:\Users\Public\Documents\Pictures - Shortcut.lnk
2014-09-04 14:03 - 2014-09-04 14:04 - 00000240 _____ () C:\Users\Nadja\Downloads\Search.txt
2014-09-04 13:40 - 2014-09-04 13:58 - 00000003 _____ () C:\Users\Nadja\Downloads\FRSTfix.txt
2014-09-04 13:32 - 2014-09-04 13:32 - 00001138 _____ () C:\Users\Nadja\Desktop\FRST64 - Shortcut.lnk
2014-09-04 13:08 - 2014-09-04 13:08 - 00000505 _____ () C:\Users\Nadja\Documents\Devices and Printers - Shortcut.lnk
2014-09-03 11:51 - 2014-09-03 11:51 - 00031295 _____ () C:\Users\Nadja\Downloads\AdditionFRST.txt
2014-09-03 11:48 - 2014-09-03 11:50 - 00031295 _____ () C:\Users\Nadja\Downloads\Addition.txt
2014-09-03 11:44 - 2014-09-04 20:11 - 00013182 _____ () C:\Users\Nadja\Downloads\FRST.txt
2014-09-03 11:43 - 2014-09-03 11:44 - 02104832 _____ (Farbar) C:\Users\Nadja\Downloads\FRST64.exe
2014-09-02 12:19 - 2014-09-02 12:19 - 00000000 ____D () C:\Users\Nadja\Documents\Youcam
2014-09-01 20:40 - 2014-09-01 20:40 - 00055822 _____ () C:\Users\Nadja\Documents\Extras.Txt
2014-08-31 18:53 - 2014-08-31 22:40 - 00086174 _____ () C:\Users\Nadja\Downloads\OTL.Txt
2014-08-31 18:37 - 2014-08-31 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Nadja\Downloads\OTL.exe
2014-08-31 12:20 - 2014-09-04 20:11 - 00000000 ____D () C:\FRST
2014-08-30 12:36 - 2014-08-30 12:36 - 00002980 _____ () C:\Windows\System32\Tasks\{1EF97660-6949-4441-9D3B-6816692B62EA}
2014-08-30 12:33 - 2014-09-04 14:43 - 00000168 _____ () C:\Windows\setupact.log
2014-08-30 12:33 - 2014-08-30 12:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 12:32 - 2014-09-04 14:43 - 00001768 _____ () C:\Windows\PFRO.log
2014-08-29 15:27 - 2014-08-29 15:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadja\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-29 14:46 - 2014-08-29 14:46 - 00002010 _____ () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00001980 _____ () C:\Users\Nadja\Desktop\Update Checker.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-08-29 13:11 - 2014-08-29 14:21 - 00000485 _____ () C:\DelFix.txt
2014-08-29 12:27 - 2014-08-29 12:27 - 00631680 _____ (ClickMeIn Limited) C:\Users\Nadja\AppData\Local\nsv93E1.tmp
2014-08-29 12:17 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 12:17 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 12:17 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 09:13 - 2014-08-27 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2014-08-27 09:12 - 2014-08-27 09:12 - 00000000 ____D () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2014-08-27 08:56 - 2014-08-27 08:58 - 00000229 _____ () C:\Users\Nadja\BullseyeCoverageError.txt
2014-08-26 18:21 - 2014-08-29 13:11 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 22:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{F1939288-DC1F-43FB-9588-21D569DB0030}
2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{0713F309-3C4C-48D5-8B62-E925BBA78894}
2014-08-21 18:53 - 2014-08-21 18:53 - 00002980 _____ () C:\Windows\System32\Tasks\{C878813E-F3A3-466E-B5DA-862B70D9DFDA}
2014-08-21 18:51 - 2014-08-21 18:51 - 00002980 _____ () C:\Windows\System32\Tasks\{C6371E4D-85A0-44D9-B408-7269DD9FE646}
2014-08-21 18:50 - 2014-08-21 18:50 - 00002980 _____ () C:\Windows\System32\Tasks\{4348E318-D244-4355-98DA-7334323C6ABE}
2014-08-19 17:47 - 2014-08-19 17:47 - 00000898 _____ () C:\Users\Nadja\Documents\Downloads.lnk
2014-08-19 16:51 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-19 16:51 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-19 16:51 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-19 16:51 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-19 16:51 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-19 16:51 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-19 16:50 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-19 16:50 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:04 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 16:04 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 16:04 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 16:04 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 16:04 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 16:04 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 16:04 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 16:04 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 16:04 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 16:04 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 16:04 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 16:04 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:04 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:04 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:04 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:04 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 16:04 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 16:04 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 16:03 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:03 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 16:03 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:03 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:03 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:03 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 16:03 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:03 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:03 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:03 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:03 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:03 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:03 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:03 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 16:03 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:03 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:03 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:03 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:03 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 16:03 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:03 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 16:03 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 16:03 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 16:03 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 16:03 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:03 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:03 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 16:03 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:03 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 16:03 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:03 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 16:03 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 16:03 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:03 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 16:03 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 16:03 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 16:03 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 16:03 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:03 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:03 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:03 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:03 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 16:03 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 16:03 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 16:03 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 16:03 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:03 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 16:03 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 16:03 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 16:03 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 16:03 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:03 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:03 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:03 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 16:03 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 16:03 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 16:03 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 16:03 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 16:03 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:01 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:01 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:01 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:01 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 16:37 - 2014-08-29 14:27 - 00001201 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\Users\Nadja\AppData\Local\VS Revo Group
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-08-14 16:36 - 2014-08-14 16:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-14 16:36 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-08-14 16:32 - 2014-08-29 15:29 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-14 16:32 - 2014-08-29 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-14 16:32 - 2014-08-29 15:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-14 16:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 16:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 16:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 11:40 - 2014-08-14 11:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-14 11:40 - 2014-08-14 11:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-14 11:40 - 2014-08-14 11:40 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-12 14:47 - 2014-08-12 14:47 - 00766464 _____ ( ) C:\Users\Nadja\Downloads\google-toolbar_setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 20:12 - 2014-09-03 11:44 - 00013182 _____ () C:\Users\Nadja\Downloads\FRST.txt
2014-09-04 20:11 - 2014-08-31 12:20 - 00000000 ____D () C:\FRST
2014-09-04 20:05 - 2012-06-25 21:03 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 19:42 - 2014-09-04 19:42 - 00000625 _____ () C:\Users\Nadja\Desktop\JRT.txt
2014-09-04 18:57 - 2014-06-15 11:36 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-04 18:49 - 2009-07-13 22:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 18:47 - 2012-12-26 01:02 - 01811918 _____ () C:\FaceProv.log
2014-09-04 18:47 - 2012-06-25 20:47 - 00000000 ____D () C:\ProgramData\VeriFace
2014-09-04 18:47 - 2012-06-25 20:12 - 02032804 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 15:09 - 2014-09-04 15:09 - 00001138 _____ () C:\Users\Nadja\Desktop\Fixlog - Shortcut.lnk
2014-09-04 14:51 - 2012-06-25 21:07 - 00571732 _____ () C:\Windows\system32\fastboot.set
2014-09-04 14:51 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 14:51 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 14:50 - 2012-12-26 01:03 - 00000000 ____D () C:\Users\Nadja
2014-09-04 14:50 - 2012-06-25 21:03 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 14:43 - 2014-08-30 12:33 - 00000168 _____ () C:\Windows\setupact.log
2014-09-04 14:43 - 2014-08-30 12:32 - 00001768 _____ () C:\Windows\PFRO.log
2014-09-04 14:43 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 14:42 - 2014-09-04 14:37 - 00000000 ____D () C:\AdwCleaner
2014-09-04 14:29 - 2013-10-23 20:35 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6B05B0FB-5A26-4071-A533-5A38048D1655}
2014-09-04 14:22 - 2014-09-04 14:22 - 00001147 _____ () C:\Users\Nadja\Desktop\FRSTfix - Shortcut.lnk
2014-09-04 14:22 - 2014-09-04 14:22 - 00001106 _____ () C:\Users\Public\Documents\Pictures - Shortcut.lnk
2014-09-04 14:04 - 2014-09-04 14:03 - 00000240 _____ () C:\Users\Nadja\Downloads\Search.txt
2014-09-04 13:58 - 2014-09-04 13:40 - 00000003 _____ () C:\Users\Nadja\Downloads\FRSTfix.txt
2014-09-04 13:32 - 2014-09-04 13:32 - 00001138 _____ () C:\Users\Nadja\Desktop\FRST64 - Shortcut.lnk
2014-09-04 13:08 - 2014-09-04 13:08 - 00000505 _____ () C:\Users\Nadja\Documents\Devices and Printers - Shortcut.lnk
2014-09-03 11:51 - 2014-09-03 11:51 - 00031295 _____ () C:\Users\Nadja\Downloads\AdditionFRST.txt
2014-09-03 11:50 - 2014-09-03 11:48 - 00031295 _____ () C:\Users\Nadja\Downloads\Addition.txt
2014-09-03 11:44 - 2014-09-03 11:43 - 02104832 _____ (Farbar) C:\Users\Nadja\Downloads\FRST64.exe
2014-09-03 11:42 - 2013-04-12 12:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 12:19 - 2014-09-02 12:19 - 00000000 ____D () C:\Users\Nadja\Documents\Youcam
2014-09-01 20:40 - 2014-09-01 20:40 - 00055822 _____ () C:\Users\Nadja\Documents\Extras.Txt
2014-08-31 22:40 - 2014-08-31 18:53 - 00086174 _____ () C:\Users\Nadja\Downloads\OTL.Txt
2014-08-31 18:37 - 2014-08-31 18:37 - 00602112 _____ (OldTimer Tools) C:\Users\Nadja\Downloads\OTL.exe
2014-08-30 12:36 - 2014-08-30 12:36 - 00002980 _____ () C:\Windows\System32\Tasks\{1EF97660-6949-4441-9D3B-6816692B62EA}
2014-08-30 12:33 - 2014-08-30 12:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 12:33 - 2009-07-13 21:45 - 00263640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 15:29 - 2014-08-14 16:32 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-29 15:29 - 2014-08-14 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-29 15:29 - 2014-08-14 16:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-29 15:28 - 2014-08-29 15:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadja\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-29 15:05 - 2013-05-12 14:55 - 00000000 ____D () C:\Users\Nadja\AppData\Local\Unity
2014-08-29 14:46 - 2014-08-29 14:46 - 00002010 _____ () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00001980 _____ () C:\Users\Nadja\Desktop\Update Checker.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-08-29 14:42 - 2013-08-01 11:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-29 14:27 - 2014-08-14 16:37 - 00001201 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-08-29 14:21 - 2014-08-29 13:11 - 00000485 _____ () C:\DelFix.txt
2014-08-29 13:11 - 2014-08-26 18:21 - 00000000 ____D () C:\Windows\ERUNT
2014-08-29 12:27 - 2014-08-29 12:27 - 00631680 _____ (ClickMeIn Limited) C:\Users\Nadja\AppData\Local\nsv93E1.tmp
2014-08-27 09:13 - 2014-08-27 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2014-08-27 09:12 - 2014-08-27 09:12 - 00000000 ____D () C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2014-08-27 08:58 - 2014-08-27 08:56 - 00000229 _____ () C:\Users\Nadja\BullseyeCoverageError.txt
2014-08-27 08:57 - 2013-05-12 14:54 - 00000000 ____D () C:\Users\Nadja\AppData\Local\Deployment
2014-08-24 23:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-22 19:07 - 2014-08-29 12:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-29 12:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-29 12:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{F1939288-DC1F-43FB-9588-21D569DB0030}
2014-08-21 18:55 - 2014-08-21 18:55 - 00002980 _____ () C:\Windows\System32\Tasks\{0713F309-3C4C-48D5-8B62-E925BBA78894}
2014-08-21 18:53 - 2014-08-21 18:53 - 00002980 _____ () C:\Windows\System32\Tasks\{C878813E-F3A3-466E-B5DA-862B70D9DFDA}
2014-08-21 18:51 - 2014-08-21 18:51 - 00002980 _____ () C:\Windows\System32\Tasks\{C6371E4D-85A0-44D9-B408-7269DD9FE646}
2014-08-21 18:50 - 2014-08-21 18:50 - 00002980 _____ () C:\Windows\System32\Tasks\{4348E318-D244-4355-98DA-7334323C6ABE}
2014-08-20 15:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-20 14:48 - 2013-04-12 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-19 17:47 - 2014-08-19 17:47 - 00000898 _____ () C:\Users\Nadja\Documents\Downloads.lnk
2014-08-19 17:43 - 2014-05-07 23:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-19 17:12 - 2013-09-21 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-19 17:06 - 2013-09-21 19:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 11:58 - 2013-05-07 14:16 - 00000000 ____D () C:\Users\Nadja\AppData\Local\CRE
2014-08-15 11:11 - 2012-12-27 23:24 - 00000000 ____D () C:\Users\Nadja\AppData\Local\Google
2014-08-14 16:58 - 2012-06-25 21:03 - 00000000 ____D () C:\ProgramData\Google
2014-08-14 16:58 - 2012-06-25 21:03 - 00000000 ____D () C:\Program Files\Google
2014-08-14 16:58 - 2012-06-25 21:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\Users\Nadja\AppData\Local\VS Revo Group
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-08-14 16:37 - 2014-08-14 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-08-14 16:36 - 2014-08-14 16:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-14 11:40 - 2014-08-14 11:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-14 11:40 - 2014-08-14 11:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-14 11:40 - 2014-08-14 11:40 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-14 11:40 - 2014-02-12 19:32 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-14 11:40 - 2013-04-12 12:43 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-14 11:40 - 2013-04-12 12:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-12 14:47 - 2014-08-12 14:47 - 00766464 _____ ( ) C:\Users\Nadja\Downloads\google-toolbar_setup.exe
2014-08-12 14:25 - 2014-01-11 13:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-12 14:25 - 2014-01-11 13:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-12 14:19 - 2014-02-12 19:23 - 00000000 ____D () C:\Users\Nadja\AppData\Roaming\SoftGrid Client
2014-08-12 08:41 - 2009-07-13 19:34 - 00000529 _____ () C:\Windows\win.ini
2014-08-12 03:10 - 2014-01-11 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-06 19:06 - 2014-08-15 16:01 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-15 16:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Nadja\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 08:53

==================== End Of Log ============================

I hope I got it all right this time. Thanks for your patience. It seems to be running fine now. No sign of malware.


Edited by islandcat, 04 September 2014 - 11:44 PM.

#15
Machiavelli

    GeekU Moderator

  • 3,698 posts

I don't think you are following my instructions. Please save all tools on your Desktop.

