How to remove Firefox Redirect malware [Closed]


  • This topic is locked

#1
The WABBIT

    New Member

  • Member
  • 3 posts

Hi, I am having problems with a Firefox redirect malware that is attempting to send me to a forged website, "www.readytwos.com", similar to what the person in this post was having: firefox redirect/"Reported Web Forgery". This is a first for me coming across a malware/virus that infects Firefox. What surprises me is that it got through three anti-virus tools that I use (one active and two for maintenance scans twice a week). So after reading through the other thread, I went and d/l'd the Farbar Recovery Scan Tool mentioned there. I have run it and received the two logs; they are listed below. Any help on removing this malware/virus is greatly appreciated.

Before you mention it: yes, I do know that Firefox is set up for a proxy. This was done by myself for access on certain networks. And I am aware of the low drive space. (Too much installed, but still not all that I need, and HD not large enough for what I need.)

 

 

FRST.txt is provided below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by The WABBIT (administrator) on WABBITSCOMPUTER on 27-12-2014 12:29:47
Running from C:\Users\The WABBIT\Desktop
Loaded Profile: The WABBIT (Available profiles: The WABBIT)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(O&O Software GmbH) C:\Program Files\OO Software\DriveLED\DriveLED.exe
() C:\Program Files (x86)\ibVPN\ibVPN.service.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(BitTorrent Inc.) C:\uTorrent\utorrent.exe
(Akamai Technologies, Inc.) C:\Users\The WABBIT\AppData\Local\Akamai\netsession_win.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Akamai Technologies, Inc.) C:\Users\The WABBIT\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Don HO [email protected]) C:\Program Files (x86)\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\Run: [Vidalia] => "C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe"
HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\Run: [uTorrent] => C:\uTorrent\utorrent.exe [3562832 2014-09-10] (BitTorrent Inc.)
HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\Run: [Akamai NetSession Interface] => C:\Users\The WABBIT\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\MountPoints2: {0e686678-848b-11e4-8650-9ed87e179942} - F:\autorun.exe
HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\MountPoints2: {15d3a5be-6902-11e4-9f63-82faa1dae64f} - E:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\MountPoints2: {49de773a-8272-11e4-9861-ac8112001b7c} - E:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\MountPoints2: {fe8d0920-76ae-11e4-b095-f5ec430e490f} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-12-03] () <==== ATTENTION
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\S-1-5-21-3004508294-471313756-1794315825-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\S-1-5-21-3004508294-471313756-1794315825-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\S-1-5-21-3004508294-471313756-1794315825-1000 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\S-1-5-21-3004508294-471313756-1794315825-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...ct=sb&qsrc=2869
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3004508294-471313756-1794315825-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3004508294-471313756-1794315825-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.140.243.57 10.140.243.55

FireFox:
========
FF ProfilePath: C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9050
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3004508294-471313756-1794315825-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\The WABBIT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\user.js
FF SearchPlugin: C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\searchplugins\safesearch.xml
FF Extension: YoutubeAdBlocke - C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\Extensions\[email protected] [2014-10-14]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\Extensions\[email protected] [2014-12-24]
FF Extension: FoxyProxy Standard - C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\Extensions\[email protected] [2014-10-11]
FF Extension: YouTube Unblocker - C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\Extensions\[email protected] [2014-11-04]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\Extensions\[email protected] [2014-10-11]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\Extensions\[email protected] [2014-10-11]
FF Extension: MEGA - C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\Extensions\[email protected] [2014-10-11]
FF Extension: YouTube Center - C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\Extensions\[email protected] [2014-10-11]
FF Extension: {3de1f0d5-4b0f-41c4-9671-6b6df5d7cfd0} - C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\Extensions\{3de1f0d5-4b0f-41c4-9671-6b6df5d7cfd0}.xpi [2014-11-13]
FF Extension: Adblock Plus - C:\Users\The WABBIT\AppData\Roaming\Mozilla\Firefox\Profiles\3olbuafe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2014-10-25]
FF HKLM\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-19]
FF HKLM-x32\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-12-23]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\The WABBIT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HTML Coupon) - C:\Users\The WABBIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\acgimceffoceigocablmjdpebeodphgc [2014-10-14]
CHR Extension: (GoSave) - C:\Users\The WABBIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\heijamdgdffahhfmgibpphebmhekbhih [2014-10-14]
CHR Extension: (SafeNSearch) - C:\Users\The WABBIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkomdmnobcnfknncnajbdbecjaoobchb [2014-10-13]
CHR Extension: (GoSave) - C:\Users\The WABBIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfaeehiddheakbpeklgkbglmajcdpbpn [2014-10-14]
CHR Extension: (Google Wallet) - C:\Users\The WABBIT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-30] (Hewlett-Packard Company) [File not signed]
S2 IBG_gds_db; C:\Program Files (x86)\Embarcadero\Studio\15.0\InterBaseXE3\bin\ibguard.exe [636744 2014-05-14] (Embarcadero Technologies, Inc.)
S3 IBS_gds_db; C:\Program Files (x86)\Embarcadero\Studio\15.0\InterBaseXE3\bin\ibserver.exe [5489992 2014-05-14] (Embarcadero Technologies, Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-26] (Electronic Arts)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-11-26] (Microsoft Corporation) [File not signed]
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-02] (Google Inc)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-23] (Disc Soft Ltd)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 oodrvled; C:\Windows\System32\DRIVERS\oodrvled.sys [30800 2011-03-02] (O&O Software GmbH)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-23] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2011-02-14] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2011-02-14] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2011-02-14] (LG Electronics Inc.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-02-10] (CyberLink Corp.)
U3 a5ltlhb6; C:\Windows\System32\Drivers\a5ltlhb6.sys [0 ] (Advanced Micro Devices)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 12:29 - 2014-12-27 12:31 - 00026613 _____ () C:\Users\The WABBIT\Desktop\FRST.txt
2014-12-27 12:29 - 2014-12-27 12:30 - 00000000 ____D () C:\FRST
2014-12-27 12:28 - 2014-12-27 12:28 - 02122752 _____ (Farbar) C:\Users\The WABBIT\Desktop\FRST64.exe
2014-12-27 11:32 - 2014-12-27 11:32 - 00002468 _____ () C:\Users\Public\Desktop\Character and Starship Creator.lnk
2014-12-27 09:18 - 2014-12-27 09:18 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 14:08 - 2014-12-27 09:30 - 00000000 ____D () C:\Program Files (x86)\Net-7
2014-12-26 14:08 - 2014-12-26 14:08 - 00001089 _____ () C:\Users\The WABBIT\Desktop\LaunchNet7.lnk
2014-12-26 14:05 - 2014-12-26 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-12-26 14:03 - 2014-12-26 14:03 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
2014-12-23 18:31 - 2014-12-23 18:31 - 00001461 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-12-23 18:18 - 2014-12-23 18:31 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-12-23 18:18 - 2014-12-23 18:31 - 00002225 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-12-23 18:18 - 2014-12-23 18:31 - 00002064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-12-23 18:18 - 2014-12-23 18:18 - 00002155 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2014-12-23 18:18 - 2014-12-23 18:18 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2014-12-23 13:12 - 2014-12-23 15:05 - 00092176 _____ () C:\s57c
2014-12-23 10:13 - 2014-12-23 16:04 - 673633506 _____ () C:\Users\The WABBIT\Downloads\Today, Younger Sister Gave Me a Kindness English Version RE121332.rar
2014-12-22 10:35 - 2014-12-22 10:36 - 00000000 ____D () C:\Users\The WABBIT\AppData\Local\Akamai
2014-12-22 10:35 - 2014-12-22 10:35 - 00000000 ____D () C:\AeriaGames
2014-12-22 10:34 - 2014-12-22 10:34 - 00483352 _____ (Aeria Games & Entertainment) C:\Users\The WABBIT\Downloads\edeneternal_us_downloader.exe
2014-12-20 12:46 - 2014-12-20 12:58 - 00001187 _____ () C:\Windows\PWCMDLST.BAK
2014-12-20 10:30 - 2014-12-20 10:31 - 00000622 _____ () C:\Users\The WABBIT\Desktop\TakeOwnership.zip
2014-12-18 11:03 - 2014-12-18 11:03 - 03435140 _____ () C:\Users\The WABBIT\Downloads\WinAIO Maker Professional v1.3.zip
2014-12-17 21:06 - 2014-12-17 22:30 - 00000000 ____D () C:\Users\The WABBIT\Desktop\Steve's Girls Wallpaper
2014-12-15 21:43 - 2014-12-15 21:43 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-12-15 19:41 - 2014-12-15 21:50 - 00000000 ____D () C:\Program Files (x86)\APE for Windows
2014-12-15 19:41 - 2014-12-15 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\APE for Windows
2014-12-15 16:10 - 2014-12-15 16:10 - 00042132 _____ () C:\Windows\XF2000.INI
2014-12-15 16:00 - 2014-12-15 21:46 - 00000000 ____D () C:\ProgramData\WinZip
2014-12-15 14:18 - 2014-12-15 16:25 - 00000532 _____ () C:\Windows\ATList.ini
2014-12-15 13:45 - 2014-12-17 15:31 - 00000000 ____D () C:\Program Files (x86)\Atari800WinPLus
2014-12-15 13:45 - 2014-12-15 13:45 - 00001086 _____ () C:\Users\Public\Desktop\Atari800Win PLus 4.1.lnk
2014-12-15 13:45 - 2014-12-15 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari800Win PLus
2014-12-15 12:48 - 2014-12-23 21:43 - 00000000 ____D () C:\Users\The WABBIT\Downloads\ATARI
2014-12-15 12:06 - 2014-12-15 12:07 - 00000000 ____D () C:\Program Files (x86)\PDF Password Remover
2014-12-15 12:06 - 2014-12-15 12:06 - 00001156 _____ () C:\Users\Public\Desktop\PDF Password Remover.lnk
2014-12-15 12:06 - 2014-12-15 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Password Remover
2014-12-15 11:22 - 2014-12-15 11:23 - 00000000 ____D () C:\Users\The WABBIT\Documents\Ahead PDF Password Remover
2014-12-15 11:21 - 2014-12-15 11:21 - 01863739 _____ (AheadPDF ) C:\Users\The WABBIT\Downloads\aheadpdf-password-remover.exe
2014-12-15 11:21 - 2014-12-15 11:21 - 00000000 ____D () C:\ProgramData\AheadPDF
2014-12-14 14:16 - 2014-12-14 14:17 - 37151015 _____ ( ) C:\Users\The WABBIT\Downloads\K-Lite_Codec_Pack_1090_Mega.exe
2014-12-14 13:57 - 2014-12-14 13:57 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-14 13:56 - 2014-12-14 14:19 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\Origin
2014-12-14 13:56 - 2014-12-14 14:09 - 00000000 ____D () C:\Users\The WABBIT\AppData\Local\Origin
2014-12-14 13:53 - 2014-12-26 13:56 - 00000000 ____D () C:\ProgramData\Origin
2014-12-14 13:53 - 2014-12-26 13:47 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-14 13:53 - 2014-12-14 13:53 - 00000994 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-14 13:53 - 2014-12-14 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-14 13:53 - 2014-12-14 13:53 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-14 13:50 - 2014-12-14 13:50 - 17103000 _____ (Electronic Arts, Inc.) C:\Users\The WABBIT\Downloads\OriginThinSetup.exe
2014-12-14 13:26 - 2014-12-14 17:57 - 00000000 ____D () C:\Users\The WABBIT\Desktop\temp
2014-12-13 20:00 - 2014-12-05 07:22 - 12205577 _____ () C:\Users\The WABBIT\Desktop\VLC 0.9.10_9998.apk
2014-12-13 16:00 - 2014-12-13 16:00 - 01359558 _____ () C:\Users\The WABBIT\Downloads\mounts2sd-4.6.2_aroma.zip
2014-12-13 11:05 - 2014-12-13 11:05 - 01054385 _____ () C:\Users\The WABBIT\Downloads\Mounts2SD_MTD_1.1.0.zip
2014-12-13 11:02 - 2014-12-13 11:02 - 01060488 _____ () C:\Users\The WABBIT\Downloads\Mounts2SD_MTD_1.2.0.zip
2014-12-13 11:02 - 2014-12-13 11:02 - 01057393 _____ () C:\Users\The WABBIT\Downloads\Mounts2SD_MTD_1.1.3-2.zip
2014-12-13 11:02 - 2014-12-13 11:02 - 00914080 _____ () C:\Users\The WABBIT\Downloads\Mounts2SD-1.1.3-2.apk
2014-12-13 11:01 - 2014-12-13 11:01 - 00962938 _____ () C:\Users\The WABBIT\Downloads\Mounts2SD-2.0.1.apk
2014-12-13 11:00 - 2014-12-13 11:00 - 01099014 _____ () C:\Users\The WABBIT\Downloads\Mounts2SD_MTD_2.1.0.zip
2014-12-13 10:49 - 2014-12-13 10:49 - 01101172 _____ () C:\Users\The WABBIT\Downloads\Mounts2SD_MTD_2.2.0.zip
2014-12-13 10:48 - 2014-12-13 10:48 - 01071998 _____ () C:\Users\The WABBIT\Downloads\Mounts2SD_Ext4_2.2.0.zip
2014-12-12 20:17 - 2014-12-12 20:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-12-12 20:16 - 2014-12-12 20:16 - 00000000 ____D () C:\Program Files\Handset_USB_Driver
2014-12-12 20:16 - 2012-09-04 13:49 - 00162816 _____ (HS Coporation) C:\Windows\system32\Drivers\ghsnet.sys
2014-12-12 20:16 - 2012-09-04 13:42 - 00123520 _____ (HS Coporation) C:\Windows\system32\Drivers\ghsser.sys
2014-12-12 20:16 - 2012-07-18 13:58 - 00132104 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsser.sys
2014-12-12 20:16 - 2012-06-20 11:51 - 00171272 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsnet.sys
2014-12-12 20:16 - 2012-06-20 11:51 - 00020232 _____ (HandSet Incorporated) C:\Windows\system32\Drivers\massfilter_hs.sys
2014-12-12 20:16 - 2012-06-04 11:55 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-12-12 20:16 - 2011-10-26 15:31 - 00067608 _____ (Google, inc) C:\Windows\AdbWinUsbApi.dll
2014-12-12 20:16 - 2011-08-15 16:43 - 00584584 _____ () C:\Windows\adb.exe
2014-12-12 20:16 - 2011-08-15 16:43 - 00102936 _____ (Google, inc) C:\Windows\AdbWinApi.dll
2014-12-11 11:11 - 2014-12-11 11:38 - 00000000 ____D () C:\Temp Archives
2014-12-11 10:50 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\The WABBIT\Documents\ATARI
2014-12-10 06:56 - 2014-12-10 06:56 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\dvdcss
2014-12-10 06:26 - 2014-12-10 06:26 - 00000000 ____D () C:\Users\The WABBIT\Documents\CyberLink
2014-12-06 19:30 - 2014-12-06 19:34 - 00180064 _____ () C:\dir_search.txt
2014-12-06 11:34 - 2014-12-06 11:34 - 00001808 _____ () C:\Users\The WABBIT\Desktop\Tor.lnk
2014-12-06 11:34 - 2014-12-06 11:34 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor
2014-12-06 11:34 - 2014-12-06 11:34 - 00000000 ____D () C:\Program Files (x86)\Tor
2014-12-06 11:30 - 2014-12-06 11:30 - 01883596 _____ () C:\Users\The WABBIT\Downloads\tor-0.2.4.23-win32.exe
2014-12-06 11:28 - 2014-12-06 11:30 - 34305058 _____ () C:\Users\The WABBIT\Downloads\torbrowser-install-4.0.2_en-US.exe
2014-12-05 16:05 - 2014-12-18 11:23 - 00000000 ____D () C:\Users\The WABBIT\Documents\Web Pages
2014-12-05 11:11 - 2014-12-05 11:11 - 00278320 _____ () C:\Windows\Minidump\120514-85894-01.dmp
2014-12-04 19:46 - 2014-12-27 10:08 - 00015598 _____ () C:\Windows\setupact.log
2014-12-04 19:46 - 2014-12-20 12:50 - 00744086 _____ () C:\Windows\PFRO.log
2014-12-04 19:46 - 2014-12-04 19:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-04 15:20 - 2014-12-04 15:20 - 00001251 _____ () C:\Users\The WABBIT\Desktop\DNSBench.ini
2014-12-03 16:17 - 2014-12-03 16:18 - 04718592 _____ (Inquisitor ) C:\Users\The WABBIT\Downloads\Artificial Girl 3 HF Patch1.0-1.exe
2014-12-03 16:17 - 2014-12-03 16:17 - 00000000 _____ () C:\Users\The WABBIT\Downloads\Artificial Girl 3 HF Patch1.0.exe
2014-12-03 15:36 - 2014-12-03 15:36 - 00167296 _____ (Gibson Research Corp.) C:\Users\The WABBIT\Desktop\DNSBench.exe
2014-12-03 14:58 - 2014-12-03 14:58 - 00001085 _____ () C:\Users\Public\Desktop\Exact Audio Copy.lnk
2014-12-03 14:58 - 2014-12-03 14:58 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\EAC
2014-12-03 14:58 - 2014-12-03 14:58 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\AccurateRip
2014-12-03 14:58 - 2014-12-03 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2014-12-03 14:58 - 2014-12-03 14:58 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-12-03 14:57 - 2014-12-03 14:57 - 04422611 _____ () C:\Users\The WABBIT\Downloads\eac-1.0beta3.exe
2014-12-03 14:56 - 2014-12-03 14:56 - 00001099 _____ () C:\Users\The WABBIT\Desktop\FairStars CD Ripper.lnk
2014-12-03 14:56 - 2014-12-03 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FairStars CD Ripper
2014-12-03 14:56 - 2014-12-03 14:56 - 00000000 ____D () C:\Program Files (x86)\FairStars CD Ripper
2014-12-03 14:49 - 2014-12-03 14:49 - 03347947 _____ (FairStars Soft ) C:\Users\The WABBIT\Downloads\fscdripper_setup.exe
2014-12-02 11:40 - 2014-12-02 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-12-02 11:39 - 2014-12-02 11:39 - 01798416 _____ () C:\Users\The WABBIT\Downloads\openvpn-install-2.3.6-I601-x86_64.exe
2014-12-01 19:45 - 2014-12-01 19:45 - 00000000 ____D () C:\Users\The WABBIT\AppData\Local\Net7
2014-12-01 19:10 - 2014-12-26 14:13 - 00000000 ____D () C:\Users\The WABBIT\AppData\Local\LaunchNet7
2014-12-01 19:06 - 2014-12-26 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net-7 Entertainment
2014-12-01 07:42 - 2014-12-01 07:46 - 00000000 ____D () C:\Users\The WABBIT\Downloads\Utilities
2014-12-01 07:41 - 2014-12-01 07:41 - 00000000 ____D () C:\Users\The WABBIT\Downloads\O&O Software
2014-12-01 07:40 - 2014-12-01 07:47 - 00000000 ____D () C:\Users\The WABBIT\Downloads\Games
2014-12-01 07:34 - 2014-12-01 07:34 - 00000000 ____D () C:\Users\The WABBIT\Downloads\VPN Folder
2014-12-01 07:27 - 2014-12-01 07:45 - 00000000 ____D () C:\Users\The WABBIT\Downloads\Windows
2014-11-29 21:07 - 2014-11-29 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TMS Unicode Component Pack
2014-11-29 21:07 - 2014-09-11 12:44 - 00416768 _____ () C:\Windows\SysWOW64\TMSUnicodeDXE7.bpl
2014-11-29 21:07 - 2014-09-11 12:44 - 00178176 _____ () C:\Windows\SysWOW64\TMSUnicodeDEDXE7.bpl
2014-11-29 21:07 - 2014-05-16 14:20 - 00415744 _____ () C:\Windows\SysWOW64\TMSUnicodeDXE6.bpl
2014-11-29 21:07 - 2014-05-16 14:20 - 00174592 _____ () C:\Windows\SysWOW64\TMSUnicodeDEDXE6.bpl
2014-11-29 21:07 - 2013-09-23 15:00 - 00414720 _____ () C:\Windows\SysWOW64\TMSUnicodeDXE5.bpl
2014-11-29 21:07 - 2013-09-23 15:00 - 00174080 _____ () C:\Windows\SysWOW64\TMSUnicodeDEDXE5.bpl
2014-11-29 21:07 - 2013-05-10 16:37 - 00650752 _____ () C:\Windows\SysWOW64\TMSUnicodeDXE4.bpl
2014-11-29 21:07 - 2013-05-10 16:37 - 00649728 _____ () C:\Windows\SysWOW64\TMSUnicodeDXE3.bpl
2014-11-29 21:07 - 2013-05-10 16:37 - 00410112 _____ () C:\Windows\SysWOW64\TMSUnicodeDEDXE4.bpl
2014-11-29 21:07 - 2013-05-10 16:37 - 00409600 _____ () C:\Windows\SysWOW64\TMSUnicodeDEDXE3.bpl
2014-11-29 21:07 - 2011-09-29 08:52 - 00647680 _____ () C:\Windows\SysWOW64\TMSUnicodeDXE2.bpl
2014-11-29 21:07 - 2011-09-29 08:52 - 00409600 _____ () C:\Windows\SysWOW64\TMSUnicodeDEDXE2.bpl
2014-11-29 21:07 - 2010-09-21 16:14 - 00324096 _____ () C:\Windows\SysWOW64\TMSUnicodeD2011.bpl
2014-11-29 21:07 - 2010-09-21 16:14 - 00098816 _____ () C:\Windows\SysWOW64\TMSUnicodeDED2011.bpl
2014-11-29 20:18 - 2014-11-29 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TMS Smooth Controls Pack Trial Version
2014-11-29 20:18 - 2014-11-14 14:51 - 04113920 _____ () C:\Windows\SysWOW64\TMSSmoothControlsPackPkgdXE7.bpl
2014-11-29 20:18 - 2014-11-14 14:51 - 00216064 _____ () C:\Windows\SysWOW64\TMSSmoothControlsPackPkgDEdXE7.bpl
2014-11-29 15:05 - 2014-11-29 15:05 - 00000000 ____D () C:\ionworx
2014-11-29 12:56 - 2014-09-07 06:00 - 02281416 _____ (Raize Software, Inc.) C:\Windows\SysWOW64\RaizeComponentsTrialVcl210.bpl
2014-11-29 12:56 - 2014-09-07 06:00 - 00485832 _____ (Raize Software, Inc.) C:\Windows\SysWOW64\RaizeComponentsTrialVclDb210.bpl
2014-11-29 12:30 - 2014-11-29 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TMS TAdvMemo RS XE7
2014-11-29 12:30 - 2014-10-21 10:13 - 00809984 _____ () C:\Windows\SysWOW64\advmemopkgdXE7.bpl
2014-11-29 11:49 - 2014-11-29 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TMS Scripter for RAD Studio XE7
2014-11-29 11:43 - 2014-11-29 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TMS Instrumentation Workshop RSXE7
2014-11-29 11:42 - 2014-11-29 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TMS Async 32
2014-11-29 11:42 - 2014-11-29 20:18 - 00000000 ____D () C:\Users\Public\Documents\tmssoftware
2014-11-29 11:42 - 2014-09-08 10:08 - 00296448 _____ () C:\Windows\SysWOW64\vacommpkgdXE7.bpl
2014-11-29 11:42 - 2014-05-16 09:53 - 00295936 _____ () C:\Windows\SysWOW64\vacommpkgdXE6.bpl
2014-11-29 11:42 - 2014-01-24 18:45 - 00295424 _____ () C:\Windows\SysWOW64\vacommpkgdXE5.bpl
2014-11-29 11:42 - 2013-06-14 10:00 - 00526336 _____ () C:\Windows\SysWOW64\vacommpkgdXE4.bpl
2014-11-29 11:42 - 2013-06-14 10:00 - 00526336 _____ () C:\Windows\SysWOW64\vacommpkgdXE3.bpl
2014-11-29 11:42 - 2011-09-04 10:49 - 00227840 _____ () C:\Windows\SysWOW64\vacommpkgdXE2.bpl
2014-11-29 11:42 - 2011-04-26 15:39 - 00210432 _____ () C:\Windows\SysWOW64\vacommpkgd2011.bpl
2014-11-29 11:42 - 2010-03-01 15:23 - 00209920 _____ () C:\Windows\SysWOW64\vacommpkgd2010.bpl
2014-11-28 18:30 - 2014-11-28 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TMS Component Pack v6.4
2014-11-28 17:01 - 2011-03-31 05:00 - 01711616 _____ (Raize Software, Inc.) C:\Windows\SysWOW64\RaizeComponentsVcl70.bpl
2014-11-28 17:01 - 2011-03-31 05:00 - 00358400 _____ (Raize Software, Inc.) C:\Windows\SysWOW64\RaizeComponentsVclDb70.bpl
2014-11-28 12:53 - 2014-11-28 12:53 - 00000228 _____ () C:\Windows\SysWOW64\debug.log
2014-11-28 12:26 - 2014-11-28 12:26 - 00000409 _____ () C:\Users\Public\Desktop\HP USB Disk Storage Format Tool.lnk
2014-11-28 12:26 - 2014-11-28 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
2014-11-28 12:26 - 2014-11-28 12:26 - 00000000 ____D () C:\DriveKey
2014-11-28 10:54 - 2014-11-28 13:35 - 00000000 ____D () C:\Users\The WABBIT\Desktop\Dell Inspiron mini 10 (1011) bios

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 12:31 - 2014-10-15 11:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 12:31 - 2014-10-14 14:09 - 00000370 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-3004508294-471313756-1794315825-1000.job
2014-12-27 12:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2014-12-27 12:29 - 2014-09-10 00:24 - 00000000 ____D () C:\uTorrent
2014-12-27 11:32 - 2014-10-11 12:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-27 10:55 - 2014-10-14 14:09 - 00001360 _____ () C:\Windows\Tasks\JFZSHPA.job
2014-12-27 10:35 - 2014-10-12 15:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 10:25 - 2009-07-13 21:45 - 00029776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 10:25 - 2009-07-13 21:45 - 00029776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 10:19 - 2014-10-23 16:18 - 01111064 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 10:13 - 2014-11-13 16:10 - 00000000 ____D () C:\ProgramData\Embarcadero
2014-12-27 10:12 - 2014-10-12 12:27 - 00000000 ____D () C:\Temp
2014-12-27 10:10 - 2014-11-13 06:25 - 00000000 ____D () C:\Users\The WABBIT\AppData\Local\TSVNCache
2014-12-27 10:10 - 2014-10-25 10:29 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-27 10:08 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 09:25 - 2014-10-13 10:45 - 00000000 ____D () C:\Users\The WABBIT\AppData\Local\Adobe
2014-12-27 09:21 - 2014-10-11 12:52 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{940999AF-74B1-4518-8618-A7C21D8233BA}
2014-12-26 20:34 - 2014-10-13 16:59 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\vlc
2014-12-26 18:39 - 2014-10-23 16:25 - 116502528 _____ () C:\Users\The WABBIT\AppData\Local\SageThumbs.db3
2014-12-26 15:03 - 2014-10-13 10:57 - 00000000 ____D () C:\Program Files (x86)\JDownloader v2.0
2014-12-26 14:55 - 2014-11-20 06:24 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\tor
2014-12-26 13:55 - 2014-09-08 22:20 - 00000000 ____D () C:\finished torrents
2014-12-26 13:34 - 2014-09-08 22:19 - 00000000 ____D () C:\torrent files
2014-12-26 13:19 - 2014-10-24 10:52 - 00705798 _____ () C:\Windows\system32\perfh007.dat
2014-12-26 13:19 - 2014-10-24 10:52 - 00152816 _____ () C:\Windows\system32\perfc007.dat
2014-12-26 13:19 - 2014-10-24 10:00 - 00420430 _____ () C:\Windows\system32\perfh011.dat
2014-12-26 13:19 - 2014-10-24 10:00 - 00125296 _____ () C:\Windows\system32\perfc011.dat
2014-12-26 13:19 - 2009-07-13 22:13 - 02158300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 12:55 - 2014-10-14 13:53 - 00000680 __RSH () C:\ProgramData\ntuser.pol
2014-12-26 01:21 - 2014-10-15 12:56 - 00000000 ____D () C:\Users\The WABBIT\AppData\Local\CrashDumps
2014-12-24 12:14 - 2014-10-16 11:06 - 00000000 ____D () C:\Users\The WABBIT\Downloads\Hentai Games
2014-12-24 06:15 - 2009-07-13 21:45 - 00317784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-23 18:31 - 2014-10-30 16:30 - 00001473 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-12-23 18:22 - 2014-10-13 17:35 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-23 18:19 - 2014-10-23 16:24 - 00077264 _____ () C:\Users\The WABBIT\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-23 18:16 - 2014-10-13 10:42 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-23 18:15 - 2014-10-13 10:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-23 17:49 - 2014-10-12 12:40 - 00000000 ___DC () C:\illusion
2014-12-21 14:23 - 2010-11-20 20:24 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-12-21 14:23 - 2010-11-20 20:24 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-12-20 12:27 - 2014-10-11 12:44 - 00000000 ____D () C:\Program Files (x86)\MiniTool Partition Wizard Professional Edition 8.1.1
2014-12-18 06:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Resources
2014-12-15 21:56 - 2014-09-17 16:10 - 00001744 _____ () C:\Users\The WABBIT\Desktop\AA Illusion Wizzard v5.2.lnk
2014-12-15 21:41 - 2014-10-13 13:09 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\FileZilla
2014-12-15 10:54 - 2014-11-22 12:53 - 00000000 ____D () C:\Users\The WABBIT\Documents\RPG
2014-12-15 10:45 - 2014-10-15 11:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-14 17:53 - 2014-10-15 10:35 - 00000000 ____D () C:\ProgramData\Norton
2014-12-14 14:38 - 2014-10-12 12:25 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-12-14 14:37 - 2014-11-26 07:53 - 00001216 _____ () C:\Users\Public\Desktop\Media Player Classic.lnk
2014-12-14 14:37 - 2014-10-12 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-12-14 09:38 - 2014-11-23 14:12 - 00000000 ____D () C:\Users\The WABBIT\Desktop\LG Optimus S LS670
2014-12-14 07:05 - 2014-11-13 22:18 - 00062766 _____ () C:\Users\The WABBIT\sanct.log
2014-12-13 16:00 - 2014-11-01 22:30 - 00000000 ____D () C:\Users\The WABBIT\Downloads\Delphi Programming
2014-12-12 20:16 - 2014-10-17 13:56 - 00000000 ____D () C:\Users\The WABBIT\.android
2014-12-12 11:00 - 2014-10-12 12:25 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll
2014-12-12 11:00 - 2014-10-12 12:25 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-12-11 10:25 - 2014-11-03 11:25 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-12-10 20:58 - 2014-11-22 12:58 - 00000000 ____D () C:\Users\The WABBIT\AppData\Local\QuickPar
2014-12-10 09:01 - 2014-10-12 15:46 - 00000000 ___DC () C:\Games
2014-12-10 06:26 - 2014-10-13 11:10 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\CyberLink
2014-12-10 06:26 - 2014-10-13 11:10 - 00000000 ____D () C:\Users\The WABBIT\AppData\Local\Cyberlink
2014-12-10 06:26 - 2014-10-13 10:47 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-09 17:07 - 2014-11-21 20:15 - 00000000 ____D () C:\Users\The WABBIT\Documents\Attachments
2014-12-07 22:54 - 2014-11-15 22:25 - 00000000 ____D () C:\Users\The WABBIT\AppData\Local\Game Dev Tycoon
2014-12-05 11:29 - 2014-10-13 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION
2014-12-05 11:11 - 2014-11-14 22:27 - 00000000 ____D () C:\Windows\Minidump
2014-12-04 19:53 - 2014-10-12 15:23 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-04 19:53 - 2014-10-12 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 19:53 - 2014-10-12 15:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-04 15:56 - 2014-11-26 07:53 - 00729088 _____ () C:\Windows\system32\xvidcore.dll
2014-12-04 15:55 - 2014-11-26 07:53 - 00655872 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-12-04 10:11 - 2014-10-12 15:25 - 00000000 ____D () C:\Program Files (x86)\ibVPN
2014-12-03 23:11 - 2014-10-24 12:43 - 00925184 _____ () C:\Windows\expstart.exe
2014-12-03 15:33 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-03 06:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-12-02 11:42 - 2014-10-24 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-12-02 11:41 - 2014-10-24 16:25 - 00000923 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-12-02 07:10 - 2014-10-12 12:25 - 00260184 _____ () C:\Windows\system32\unrar64.dll
2014-12-02 07:10 - 2014-10-12 12:25 - 00218712 _____ () C:\Windows\SysWOW64\unrar.dll
2014-12-01 07:52 - 2014-10-13 11:41 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-12-01 07:52 - 2014-10-13 11:41 - 00001908 _____ () C:\Windows\diagerr.xml
2014-12-01 06:53 - 2014-11-01 15:06 - 00000000 ____D () C:\Users\The WABBIT\Documents\Delphi Programming
2014-11-30 19:12 - 2014-11-21 11:39 - 00000000 ____D () C:\ProgramData\r2 Studios
2014-11-29 12:56 - 2014-11-14 10:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-28 18:30 - 2014-11-05 17:18 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\tmssoftware
2014-11-28 17:01 - 2014-11-14 21:58 - 00000000 ____D () C:\Program Files (x86)\Raize
2014-11-28 12:53 - 2014-10-13 10:46 - 00000000 ____D () C:\Users\The WABBIT\AppData\Roaming\Adobe
2014-11-28 10:52 - 2014-09-30 18:27 - 00000000 ___RD () C:\Users\The WABBIT\Desktop\Utilities
2014-11-28 10:51 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-28 10:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

Files to move or delete:
====================
C:\Users\The WABBIT\IP_Log_Data.js


Some content of TEMP:
====================
C:\Users\The WABBIT\AppData\Local\Temp\bassmod.dll
C:\Users\The WABBIT\AppData\Local\Temp\proxy_vole6585885410329891226.dll
C:\Users\The WABBIT\AppData\Local\Temp\_is8FA1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-30 21:51

==================== End Of Log ============================

Addition.txt is provided here:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by The WABBIT at 2014-12-27 12:31:52
Running from C:\Users\The WABBIT\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4shared Desktop (HKLM-x32\...\4shared Desktop) (Version: 4.0.13.26740 - 4shared)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software)
Akamai NetSession Interface (HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Atari800Win PLus 4.1 (HKLM-x32\...\Atari800Win PLus) (Version: 4.1 - Marcin Lewandowski)
AutoHotkey 1.0.47.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.47.05 - Chris Mallett)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.1.1 - Borland Software Corporation)
Borland Delphi for .NET Preview (HKLM-x32\...\{16813628-8432-4A95-A425-A11CA9134C82}) (Version: 1.00.0000 - Borland Software Corporation)
Borland Remote Debugger Server (HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\BorlandRemoteDebug) (Version:  - )
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Castles and Castles 2 - Siege and Conquest (HKLM-x32\...\GOGPACKCASTLES12_is1) (Version: 2.0.0.5 - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Character and Starship Creator (HKLM-x32\...\InstallShield_{17FF7B21-A872-429C-9331-5883ACD12EE8}) (Version: 1.04.0000 - Westwood Studios)
Character and Starship Creator (x32 Version: 1.04.0000 - Westwood Studios) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
CodeSite Express 5 (HKLM-x32\...\CodeSite Express 5_is1) (Version: 5.1.6 - Raize Software, Inc.)
CollabNet Subversion Client 1.7.5 (HKLM-x32\...\CollabNet Subversion Client) (Version: 1.7.5 - CollabNet)
Consumer Input Update Helper (x32 Version: 1.3.25.149 - Compete Inc.) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
Earth & Beyond (HKLM-x32\...\InstallShield_{F788D81C-F5EC-4CBE-B1D6-C98E2B8EC7E9}) (Version: 1.00.0000 - Westwood Studios)
Earth & Beyond (x32 Version: 1.00.0000 - Westwood Studios) Hidden
Earth & Beyond Emulator (HKLM-x32\...\EnBEMU) (Version: 1.0 - Net-7 Entertainment)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Embarcadero Delphi and C++Builder XE7 Help System (HKLM-x32\...\Embarcadero Delphi and C++Builder XE7 Help System) (Version: 15.0 - Embarcadero Technologies, Inc.)
Embarcadero Delphi and C++Builder XE7 Help System (x32 Version: 15.0 - Embarcadero Technologies, Inc.) Hidden
Embarcadero InterBase XE3  [instance = gds_db] (HKLM-x32\...\Embarcadero InterBase XE3  [instance = gds_db]) (Version: Embarcadero InterBase XE3 - Embarcadero Technologies, Inc.)
Embarcadero RAD Studio XE7 (HKLM-x32\...\Embarcadero RAD Studio XE7) (Version: 15.0 - Embarcadero Technologies, Inc.)
Embarcadero RAD Studio XE7 (x32 Version: 15.0 - Embarcadero Technologies, Inc.) Hidden
Eroge! Sex and Games Make Sexy Games version 1.0 (HKLM-x32\...\{3773B78E-D59E-4346-BEFF-3B136665631D}_is1) (Version: 1.0 - MangaGamer)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
FairStars CD Ripper 1.80 (HKLM-x32\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
FastReport 5 Embarcadero edition (HKLM-x32\...\{95C1A9DC-EA30-498e-9531-C7C0F889FB92}) (Version: Embarcadero Edition - FastReports)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Forté Agent (HKLM-x32\...\Forte Agent) (Version: 5.00 - Forté Internet Software, Inc.)
Game Dev Tycoon version 1.5.11 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.5.11 - Greenheart Games Pty. Ltd.)
Gasper Vladi HsDxD By Irsyada (HKLM-x32\...\{d93fc7b1-6736-4f1b-a8a9-1b4ef3b47cf8}_is1) (Version:  - k-rlitos.com)
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A01B06 - )
HelpNDoc 4.6.2.573 Personal Edition (HKLM-x32\...\HelpNDoc_is1) (Version: 4.6.2.573 Personal Edition - IBE Software)
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
HighSchool DxD By Bazzh (HKLM-x32\...\{aab73e8a-492a-4931-bfc0-51a672118489}_is1) (Version:  - k-rlitos.com)
HP Documentation (HKLM-x32\...\{69ABD67D-5C2E-4724-B519-695DEF3EC23B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{00A42832-B21A-4296-B5F4-D296D0BC4A3E}) (Version: 2.6.3 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}) (Version: 5.0.14.2 - Hewlett-Packard Company)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HTML Help Workshop (HKLM-x32\...\HTML Help Workshop) (Version:  - )
ibVPN (HKLM-x32\...\ibVPN) (Version: 1.7.0.0 - ibVPN) <==== ATTENTION!
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Independence War Deluxe (HKLM-x32\...\Independence War Deluxe_is1) (Version:  - GOG.com)
InstallShield 2010 SP1 (HKLM-x32\...\{9CE57049-ECC4-4B93-9DCD-74B117592637}) (Version: 16.01.0000 - Acresso Software Inc.)
InstallShield CAB File Viewer 14.0 (HKLM-x32\...\InstallShield CAB File Viewer 14.0) (Version:  - )
InstallShield Express Borland Limited Edition (HKLM-x32\...\InstallShield_{D3F9677A-9505-4DFF-BC9F-03C81E698FCC}) (Version: 3.54.155 - InstallShield Software Corp.)
InstallShield Express Borland Limited Edition (x32 Version: 3.54.155 - InstallShield Software Corp.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 2 Runtime Environment Standard Edition v1.2.2 (HKLM-x32\...\JRE 1.2) (Version:  - )
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 10.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.0 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51078 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
ModelMaker 6.20 (HKLM-x32\...\ModelMaker 6.20) (Version:  - )
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola)
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nakido (HKLM-x32\...\Nakido) (Version:  - Nakido.com)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
O&O DriveLED Professional (HKLM\...\{4788CFB6-7C58-49CC-AB1C-D0E4ACE8A03B}) (Version: 4.2.157 - O&O Software GmbH)
OpenVPN 2.3.6-I601  (HKLM\...\OpenVPN) (Version: 2.3.6-I601 - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Overwolf.Setup.VC100CRTx86.Dist (x32 Version: 1.0.0 - Overwolf) Hidden
PDF Password Remover (HKLM-x32\...\{7F4CFF03-15E4-45BD-BFA3-5323A8EAE2F1}_is1) (Version:  - PDF Password Remover, Inc.)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Raize Components 5.5.1 (HKLM-x32\...\Raize Components 5.5.1) (Version: 5.0 - Raize Software, Inc.)
Raize Components 6.1.10  ** TRIAL EDITION ** (HKLM-x32\...\Raize Components 6.1.10  ** TRIAL EDITION **) (Version: 6.0 - Raize Software, Inc.)
RapidSVN-0.12.0 (HKLM-x32\...\RapidSVN-0.12.0_is1) (Version:  - )
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Rias Gremory by andrea_37 (HKLM-x32\...\{06a5cae8-2dcd-47ae-b231-dc8c471f7bfb}_is1) (Version:  - k-rlitos.com)
Rias Gremory By Ozzy (HKLM-x32\...\{f66a0713-3073-4813-804a-090be6b7fcec}_is1) (Version:  - k-rlitos.com)
RPG Maker VX (HKLM-x32\...\RPG Maker VX_is1) (Version: 1.02 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RT 7 Lite (64-Bit) (HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\RT 7 Lite x64) (Version: 1.7.0 - Rockers Team)
RT 7 Lite x64 (Version: 1.7.0 - Rockers Team) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
SageThumbs 2.0.0.20 (HKLM\...\SageThumbs) (Version: 2.0.0.20 - Cherubic Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TMS Async 32 for RAD Studio XE7 v1.9.1.0 (HKLM-x32\...\TMS Async 32 for RAD Studio XE7_is1) (Version: 1.9.1.0 - tmssoftware.com)
TMS Component Pack 6.4.0.0 (HKLM-x32\...\TMS Component Pack for Delphi and C++ Builder_is1) (Version:  - )
TMS Instrumentation Workshop for RAD Studio XE7 v2.0.0.0 (HKLM-x32\...\TMS Instrumentation Workshop for RAD Studio XE7_is1) (Version: 2.0 - tmssoftware.com)
TMS Scripter Studio Pro v1.1 for Delphi 7 (HKLM-x32\...\TMS Scripter Studio Pro for Delphi 7_is1) (Version:  - )
TMS Scripter Studio Pro v2.2 for Rad Studio XE (HKLM-x32\...\TMS Scripter Studio Pro for Rad Studio XE_is1) (Version: 2.2.0.0 - tmssoftware.com)
TMS Scripter v6.4 for RAD Studio XE7 (HKLM-x32\...\TMS Scripter RAD Studio XE7_is1) (Version: 6.4.0.0 - tmssoftware.com)
TMS Smooth Controls Pack for RAD Studio XE7 Trial Version v5.0 (HKLM-x32\...\TMS Smooth Controls Pack for RAD Studio XE7 Trial Version_is1) (Version: 5.0 - tmssoftware.com)
TMS TAdvMemo for RAD Studio XE7 v3.1.10.1 (HKLM-x32\...\TMS TAdvMemo for RAD Studio XE7_is1) (Version: 3.1.10.1 - tmssoftware.com)
TMS Unicode Component Pack for RAD Studio XE7 v2.1.0.0 (HKLM-x32\...\TMS Unicode Component Pack for RAD Studio XE7_is1) (Version: 2.1.0.0 - tmssoftware.com)
TortoiseSVN 1.8.8.25755 (64 bit) (HKLM\...\{7DAA9D5A-ED99-40D2-AA9D-386722FE105A}) (Version: 1.8.25755 - TortoiseSVN)
Unity Web Player (HKU\S-1-5-21-3004508294-471313756-1794315825-1000\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Whirling Dervishes NameSpace Extension Library (HKLM-x32\...\Whirling Dervishes NameSpace Extension Library) (Version: 2.0 - Whirling Dervishes)
WinCHM Pro 4.41 (HKLM-x32\...\WinCHM Pro 4.41 - Help authoring software_is1) (Version:  - Softany Software, Inc.)
Windows 7 Boot Skin - Anime System (HKLM-x32\...\Windows 7 Boot Skin) (Version:  - Coder for Life - Skin Author: The WABBIT)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR) (Version: 4.20 - © 2013 Alexander Roshal)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3004508294-471313756-1794315825-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3004508294-471313756-1794315825-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3004508294-471313756-1794315825-1000_Classes\CLSID\{89BB4535-5AE9-43a0-89C5-19B4697E5C5E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3004508294-471313756-1794315825-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-12-11 10:24 - 00001128 ____A C:\Windows\system32\Drivers\etc\hosts
154.53.224.146        mega.co.nz
141.0.174.37        www.xvideos.com
141.0.172.252        static.xvideos.com
69.16.175.10        content.xvideos.com
208.111.157.136        porn.im.8e04ce00.1174844.x.xvideos.com
69.164.19.158        porn.im.8e04ce00.6169134.x.xvideos.com
208.111.170.225        porn.im.8e04ce00.8621524.x.xvideos.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {015A7A90-8222-4436-AF30-EE93B919B54E} - System32\Tasks\JFZSHPA => C:\Users\The WABBIT\AppData\Roaming\JFZSHPA.exe <==== ATTENTION
Task: {16C368BD-F00E-4BAD-BCBD-FCD5664EB22C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
Task: {1949EA8D-E1C7-4207-A565-1B37EA3FE8F2} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-12-12] ()
Task: {2EDC9A52-92AB-49B0-81E2-00D6DCAA290B} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {4F3279A0-67CD-42D2-B3F4-EA8ACEF269A3} - System32\Tasks\AdobeAAMUpdater-1.0-WABBITsComputer-The WABBIT => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {7F93A1E7-CD5E-498D-BC06-04638E54185B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {82E19A87-D94C-4DDA-9515-0C94E453B3FE} - System32\Tasks\ibVPN-Service => C:\Program Files (x86)\ibVPN\ibVPN.service.exe [2014-05-27] ()
Task: {89337621-85BA-4B0F-A953-AC5EF62D0147} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {8C3C604E-DB8A-45F5-A468-55CF86FE66F9} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {8E0AB98D-AE51-43E6-A55B-D006C45545C3} - System32\Tasks\OODriveLEDAutoStart => C:\Program Files\OO Software\DriveLED\DriveLED.exe [2011-03-02] (O&O Software GmbH)
Task: {8E785B96-0B89-4202-BF60-54F01F14C45C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {9F0F8B33-8B2F-4F97-8098-415D473FB056} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-15] (Adobe Systems Incorporated)
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {F82F4DAA-4084-4BAE-8C35-469A77FB0F7F} - System32\Tasks\CIMT_S-1-5-21-3004508294-471313756-1794315825-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-3004508294-471313756-1794315825-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\JFZSHPA.job => C:\Users\The WABBIT\AppData\Roaming\JFZSHPA.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-05-27 03:22 - 2014-05-27 03:22 - 00030792 _____ () C:\Program Files (x86)\ibVPN\ibVPN.service.exe
2014-08-10 16:10 - 2014-08-10 16:10 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-08-10 16:10 - 2014-08-10 16:10 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2014-05-01 12:29 - 2014-05-01 12:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-14 21:44 - 2010-07-14 21:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-10-11 12:59 - 2012-01-20 13:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-05-12 02:49 - 2014-05-12 02:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-11-21 11:04 - 2014-11-21 11:04 - 00006144 _____ () C:\Users\The WABBIT\AppData\Local\Temp\rad1B8A5.tmp\bin\Gadget.Interop.dll
2014-12-27 10:09 - 2014-11-21 11:04 - 01351168 _____ () C:\Users\The WABBIT\AppData\Local\Temp\rad6B929.tmp\bin\x64\sharpwrapi_x64.dll
2014-11-14 12:41 - 2014-11-14 12:41 - 00012520 _____ () C:\Users\The WABBIT\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2014-11-14 12:41 - 2014-11-14 12:41 - 00015080 _____ () C:\Users\The WABBIT\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2014-11-14 12:41 - 2014-11-14 12:41 - 00014056 _____ () C:\Users\The WABBIT\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2011-09-19 14:59 - 2011-09-19 14:59 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2014-10-11 15:53 - 2014-10-11 15:53 - 00003132 _____ () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll
2013-10-31 08:05 - 2013-10-31 08:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-08-10 15:40 - 2014-08-10 15:40 - 00065792 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-08-10 15:40 - 2014-08-10 15:40 - 00071936 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2014-11-03 13:31 - 2014-11-03 13:31 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\dbd5f674b0b90832ff18e72d00aa9980\IsdiInterop.ni.dll
2014-10-11 12:20 - 2010-04-13 08:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-10-11 12:33 - 2014-09-25 09:47 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-07-18 14:07 - 2011-07-18 14:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-06 16:42 - 2014-01-06 16:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\desktop.ini:d5f36fd32cd26dfb56e050c73be696f2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

========================= Accounts: ==========================

Administrator (S-1-5-21-3004508294-471313756-1794315825-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3004508294-471313756-1794315825-1002 - Limited - Enabled)
Guest (S-1-5-21-3004508294-471313756-1794315825-501 - Limited - Disabled)
The WABBIT (S-1-5-21-3004508294-471313756-1794315825-1000 - Administrator - Enabled) => C:\Users\The WABBIT

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2014 10:13:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 09:47:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 09:16:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 09:15:53 AM) (Source: IBG_gds_db) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the InterBase Configuration Utilitsystemprofile

Error: (12/26/2014 06:38:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program utorrent.exe version 3.4.2.33023 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 978

Start Time: 01d02175283f2c3c

Termination Time: 0

Application Path: C:\uTorrent\utorrent.exe

Report Id:

Error: (12/26/2014 06:34:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2014 01:52:09 PM) (Source: MsiInstaller) (EventID: 11601) (User: WABBITsComputer)
Description: Product: Earth & Beyond -- Disk full: Out of disk space -- Volume: 'C:'; required space: 1,457,833 KB; available space: 958,732 KB.  Free some disk space and retry.

Error: (12/26/2014 01:21:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Atari800Win.exe, version: 4.0.0.0, time stamp: 0x4312f0dd
Faulting module name: Atari800Win.exe, version: 4.0.0.0, time stamp: 0x4312f0dd
Exception code: 0xc0000005
Fault offset: 0x00079700
Faulting process id: 0xc20
Faulting application start time: 0xAtari800Win.exe0
Faulting application path: Atari800Win.exe1
Faulting module path: Atari800Win.exe2
Report Id: Atari800Win.exe3

Error: (12/26/2014 01:21:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Atari800Win.exe, version: 4.0.0.0, time stamp: 0x4312f0dd
Faulting module name: Atari800Win.exe, version: 4.0.0.0, time stamp: 0x4312f0dd
Exception code: 0xc0000005
Fault offset: 0x00079700
Faulting process id: 0x1064
Faulting application start time: 0xAtari800Win.exe0
Faulting application path: Atari800Win.exe1
Faulting module path: Atari800Win.exe2
Report Id: Atari800Win.exe3

Error: (12/26/2014 01:05:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Atari800Win.exe, version: 4.0.0.0, time stamp: 0x4312f0dd
Faulting module name: Atari800Win.exe, version: 4.0.0.0, time stamp: 0x4312f0dd
Exception code: 0xc0000005
Fault offset: 0x00079700
Faulting process id: 0x1228
Faulting application start time: 0xAtari800Win.exe0
Faulting application path: Atari800Win.exe1
Faulting module path: Atari800Win.exe2
Report Id: Atari800Win.exe3


System errors:
=============
Error: (12/27/2014 11:36:50 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/27/2014 10:28:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CinemaNow Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/27/2014 10:28:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Updater Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/27/2014 10:27:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Log Rotator Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/27/2014 10:13:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The InterBase XE3 Guardian gds_db service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/27/2014 10:13:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the InterBase XE3 Server gds_db service to connect.

Error: (12/27/2014 10:11:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (12/27/2014 10:11:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (12/27/2014 10:10:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (12/27/2014 09:49:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The InterBase XE3 Guardian gds_db service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (12/27/2014 10:13:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 09:47:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 09:16:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 09:15:53 AM) (Source: IBG_gds_db) (EventID: 212) (User: )
Description: The registry information is missing.
Please run the InterBase Configuration Utilitsystemprofile

Error: (12/26/2014 06:38:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: utorrent.exe3.4.2.3302397801d02175283f2c3c0C:\uTorrent\utorrent.exe

Error: (12/26/2014 06:34:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2014 01:52:09 PM) (Source: MsiInstaller) (EventID: 11601) (User: WABBITsComputer)
Description: Product: Earth & Beyond -- Disk full: Out of disk space -- Volume: 'C:'; required space: 1,457,833 KB; available space: 958,732 KB.  Free some disk space and retry.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/26/2014 01:21:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Atari800Win.exe4.0.0.04312f0ddAtari800Win.exe4.0.0.04312f0ddc000000500079700c2001d020e4f76fe04cC:\Users\The WABBIT\Downloads\ATARI\Emulators\Atari800Win PLus 4.0\Atari800Win\Atari800Win.exeC:\Users\The WABBIT\Downloads\ATARI\Emulators\Atari800Win PLus 4.0\Atari800Win\Atari800Win.exe3e6c581d-8cd8-11e4-b16e-ad8d1226d3c0

Error: (12/26/2014 01:21:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Atari800Win.exe4.0.0.04312f0ddAtari800Win.exe4.0.0.04312f0ddc000000500079700106401d020e2fffc0252C:\Users\The WABBIT\Downloads\ATARI\Emulators\Atari800Win PLus 4.0\Atari800Win\Atari800Win.exeC:\Users\The WABBIT\Downloads\ATARI\Emulators\Atari800Win PLus 4.0\Atari800Win\Atari800Win.exe30ed1955-8cd8-11e4-b16e-ad8d1226d3c0

Error: (12/26/2014 01:05:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Atari800Win.exe4.0.0.04312f0ddAtari800Win.exe4.0.0.04312f0ddc000000500079700122801d020e2978cc6baC:\Users\The WABBIT\Downloads\ATARI\Emulators\Atari800Win PLus 4.0\Atari800Win\Atari800Win.exeC:\Users\The WABBIT\Downloads\ATARI\Emulators\Atari800Win PLus 4.0\Atari800Win\Atari800Win.exee79c11ee-8cd5-11e4-b16e-ad8d1226d3c0


CodeIntegrity Errors:
===================================
  Date: 2014-12-15 19:47:15.385
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~2\APEFOR~1\apexp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-15 19:47:15.363
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~2\APEFOR~1\apexp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-15 19:43:11.119
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~2\APEFOR~1\apexp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-15 19:43:11.094
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PROGRA~2\APEFOR~1\apexp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 77%
Total physical RAM: 3893.86 MB
Available physical RAM: 858.25 MB
Total Pagefile: 7785.92 MB
Available Pagefile: 5225.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (My Anime System) (Fixed) (Total:248.63 GB) (Free:8.8 GB) NTFS
Drive d: (Windows 7) (Fixed) (Total:34.56 GB) (Free:2.85 GB) NTFS
Drive o: (MULTIBOOT) (Removable) (Total:14.9 GB) (Free:0.96 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1D505CB8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=34.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=263.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=103 MB) - (Type=1C)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

 




#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.


- General Instructions -


  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-



All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-


 
Removing malware is a complicated multiple step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I'm reviewing your logs now.


#3
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

I've reviewed the logs and wanted to provide a few warnings to you and have a few questions before I complete your fix.

 

Step#1 - Warnings

 

The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

 

FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers

 

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

 

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

 

Please uninstall the following Peer-to-Peer program(s): Nakido

To uninstall on Windows 7, you can:

  • Click your Start Orb in the lower left corner of your computer and select Control Panel.
  • Select Uninstall a program from the Programs Category.
  • Locate the program(s) in the list and click Uninstall.

 

No Antivirus Detected
It's critical that you have a reputable antivirus software installed on your machine at all times. One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed a couple recommended free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves. Let's not install an AV yet but you can at least decide on which one you will be installing. Also, please stay off the internet except to come here and get instructions until we have an AV installed.
 
Microsoft Security Essentials
Avast! (If you decide on this one, please ensure you uncheck the Google Toolbar and Google Chrome that is offered on the first screen of the install...unless you want them for some reason). In addition if you choose Avast!, please ensure that Windows Defender is disabled. Instructions for doing so are here.

 

CCleaner Warning
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.

 

Chrome Development Build

It appears that you have a Development build of Chrome installed. If there's not a specific reason you have this on your machine then it's extremely likely that malware is at fault. We'll deal with this after we clean up your machine so it doesn't leave you vulnerable.

 

Windows Sidebar/Gadgets
I see that you use the Windows Sidebar with Gadgets. Microsoft deems these as a security vulnerability and recommends that they are disabled. Please run the Microsoft Fix-It from here to disable it.

 

Hard-Drive Free Space Advice
The logs show that you only have 3.54% free disk space.

This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion. The lack of free space may prevent any fixes we run from completing. If you want to run the fixes I provide anyway you can do so but just be aware that you may end up having to clear the disk space in order to get them to run completely.

 

The lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic.
I advise you to uninstall some software you do not need and / or move any documents/files/pictures/music/videos, etc. to a form of removable media.

 

Internet Explorer Outdated

IE needs to be updated...the current version is IE 11 and you have IE 8. We'll be updating this shortly.

 

 

Step#2 - Questions

 

1. It appears you have seven custom host file entries. Are these intentional? One example is below.

154.53.224.146        mega.co.nz

 

2. Did you happen to use the Start Orb Changer at some point to customize your start button experience?

 

3. Are you using uTorrent? I see it running in your logs but don't see it installed.

 

 

Please acknowledge you have read everything and answer my questions. Thank you.
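The hosts-file question above can be turned into a repeatable check. This is an added example, not part of the original posts: it lists every hosts entry that sends a name to a routable address so each one can be confirmed with the owner. Only the mega.co.nz line comes from the thread; the other sample entries and the `confirmed` parameter are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each active mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue                             # nothing mapped on this line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP address
        for name in fields[1:]:                  # one address may carry several names
            yield line_no, addr, name.lower().rstrip(".")

def audit_hosts(text, confirmed=None):
    """Return (line_no, ip, hostname, status) for names mapped to routable addresses.

    confirmed: optional {hostname: ip} of overrides the owner has acknowledged
    (hypothetical parameter, e.g. a VPN workaround like the one in this thread).
    """
    confirmed = {k.lower(): v for k, v in (confirmed or {}).items()}
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            continue                             # localhost defaults and blocklist sinks
        status = "confirmed" if confirmed.get(name) == str(addr) else "unreviewed"
        findings.append((line_no, str(addr), name, status))
    return findings

# Constructed sample: only the mega.co.nz line appears in the thread.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
154.53.224.146        mega.co.nz
0.0.0.0         ads.example.net        # blocklist entry
203.0.113.7     login.example.com www.example.com
not-an-ip       broken.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, {"mega.co.nz": "154.53.224.146"}):
        print(finding)
```

An entry reported as "unreviewed" is not proof of infection; it is a mapping that bypasses DNS and that nobody has yet vouched for.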


#4
The WABBIT

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Step#1 - Warnings

 

P2P

 

I didn't know about the Nakido P2P being installed. Thanks for pointing it to me.  Have uninstalled it.

 

Anti-Virus

 

No 3rd-party Anti-virus is installed as I am unable to find any truly free anti-virus out there. So I am stuck with MicroBucks Defender. But, I have just verified that it is turned on.

 

CCleaner

 

I do not use it for cleaning the registry.

 

Windows Sidebar/Gadgets

 

I would turn it off, but one of my apps requires the use of the gadget to display information. Until I can find a replacement app, it will have to remain active. But, I will continue to watch out for any possible malicious use because of it.

 

Hard-Drive Free Space Advice

 

Understood, but as I had already mentioned, I already knew of that fact. Will work on getting the additional free space needed to get this issue taken care of.

 

Internet Explorer Outdated

 

I do not use IE because of the security, and compatibility, issues that it always has had and will always have.  If I could I would remove it completely from my system.

 

Chrome Development Build

 

I do not have Chrome installed at all. But I do know that access to Mega.co.nz from Firefox required some Chrome libraries to be installed. But, I do not know which ones were installed or have control over the installation of them.

 

 

Step#2 - Questions

 

1. Yes, I am aware of the custom host file entries. I have had to enter them to allow access to those specific sites when using one of my VPNs. The specific VPN is not routing all http traffic through if using DNS, so I have to use the host entry to make sure that I was able to access said site. I have already confirmed that it is an issue with the VPN server itself, not anything on my end.

 

2. Yes, I have used a Start Orb changer to change the start button. I did this after verifying that Start Orb changer through several online virus scanners.

 

3. Yes, I do have uTorrent running, at times. And no I do not have it installed, not really required as I have it as a portable version. And yes, I have everything scanned before it is on my system more than 5 mins by 3 online virus scanners.

 

 

I hope this helps.


Edited by The WABBIT, 28 December 2014 - 03:14 PM.

#5
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Windows Sidebar/Gadgets
 
I would turn it off, but one of my apps requires the use of the gadget to display information. Until I can find a replacement app, it will have to remain active. But, I will continue to watch out for any possible malicious use because of it.

 

Your decision. I'm just making you aware of the known security hazards if you continue to run the SideBar.

Internet Explorer Outdated
 
I do not use IE because of the security, and compatibility, issues that it always has had and will always have.  If I could I would remove it completely from my system.

I certainly agree with you where IE 8 is concerned. Starting with IE 9 Microsoft began a concerted effort to close the security holes in their browser. Beginning with Vista and on through Windows 7 and 8, IE became a more integral part of the operating system. IE 10 and 11 are just as secure, or more secure, than most browsers out there. And because IE 8 represents such a vulnerability to the operating system, updating IE is just as critical to the operating system as any other important Windows update. Even if you don't use IE. Ultimately, the decision is yours.

 

Anti-Virus
 
No 3rd-party Anti-virus is installed as I am unable to find any truly free anti-virus out there. So I am stuck with MicroBucks Defender. But, I have just verified that it is turned on.

Windows Defender is not an Antivirus in Windows 7. It's an Antispyware program. I've provided two truly free Anti-Virus options above. Again, the decision to install an antivirus program is ultimately yours. But this is a point that we won't compromise on. We are required to install an antivirus program as soon as we think the system is clean enough to accept one.

If you can't agree with that, please let me know now.

 

Our mission here is 2-fold. First, we want to help our members clean their systems. Secondly, and just as important, is educating members about programs they should have and programs they should avoid as possible vehicles to reinfect the system.

The bottom line on all your concerns is that the computer is yours. It's your decision as to what advice you want to follow and what you don't. Except for the AV issue I noted above, I will be happy to help you clean the computer either way. But if you decide not to install or update the programs that will help keep your machine more secure in the future and ignore the known security issues I can all but guarantee that you will be back here or somewhere else.

 

Please let me know if you want to continue.


#6
The WABBIT

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Have installed avast! await your reply


#7
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you. We didn't want you to install it yet as there could have been conflicts. Since it's installed, let's continue however. Also Happy New Year!

 

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt (3.35KB)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

 

Note: Unless you specifically need these versions of Java, let's uninstall. When the cleanup is done you will have the opportunity to install the newest version.
Java 7 Update 25 (64-bit)
Java SE Development Kit 7 Update 25 (64-bit)
Java™ 6 Update 20 (64-bit)
Java™ 6 Update 20

Java 2 Runtime Environment Standard Edition v1.2.2

Consumer Input Update Helper

 

Step#3 - FRST Registry Search
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the word Chrome into the Search box and click the Search Registry button.
3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open the file should be saved on your desktop named Search.txt.

 

 

Step#4 - File Identification
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy the word Chrome and paste it into the Search box of the FRST window.
3. Click the Search Files button.
4. When the search is done it will open a notepad window with the results. Please copy/paste the contents of this window into your next post.

 

 

Step#5 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

   

 

Items for your next post

1. FRST Fix log

2. Registry Search log

3. File search log

4. Rootkit Scan log
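The "MBR & Partition Table" section of the FRST log and the MBR copy saved in the rootkit scan step both describe the same 512-byte sector. This is an added example, not part of the original posts or of either tool: it decodes such a sector and runs basic structural checks. It assumes the dump is exactly one sector; the disk ID, partition types and active flag follow the log, while start sectors and sector counts are constructed.

```python
import struct

SECTOR = 512
TYPE_NAMES = {0x07: "NTFS", 0x0F: "Extended (LBA)", 0x1C: "Hidden FAT32 (LBA)",
              0xEE: "GPT protective"}

def parse_mbr(sector):
    """Return (disk_id, partitions) decoded from one 512-byte MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA is missing")
    disk_id = struct.unpack_from("<I", sector, 440)[0]
    parts = []
    for slot in range(4):
        # Entry: status, CHS start (skipped), type, CHS end (skipped), LBA, count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, 446 + 16 * slot)
        if ptype == 0x00:
            continue                              # unused slot
        parts.append({"slot": slot + 1, "status": status, "type": ptype,
                      "name": TYPE_NAMES.get(ptype, "unknown"),
                      "start": lba, "sectors": count})
    return disk_id, parts

def review(parts):
    """List structural problems worth a second look before trusting the table."""
    notes = []
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        notes.append("status byte other than 0x00/0x80")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        notes.append("more than one active partition")
    spans = sorted((p["start"], p["start"] + p["sectors"]) for p in parts)
    if any(a_end > b_start for (_, a_end), (b_start, _) in zip(spans, spans[1:])):
        notes.append("partition entries overlap")
    return notes

def build_sample(entries, disk_id=0x1D505CB8):
    """Constructed MBR: empty boot code, disk ID from the log, given entries."""
    sector = bytearray(SECTOR)
    struct.pack_into("<I", sector, 440, disk_id)
    for slot, entry in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * slot, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Types and active flag follow the FRST listing; sector numbers are constructed.
SAMPLE = build_sample([(0x80, 0x07, 2048, 407552), (0x00, 0x07, 409600, 72560640),
                       (0x00, 0x0F, 72970240, 551970816),
                       (0x00, 0x1C, 624941056, 210944)])

if __name__ == "__main__":
    disk_id, parts = parse_mbr(SAMPLE)
    print(f"Disk ID: {disk_id:08X}", parts, review(parts) or "no structural problems")
```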

 


#8
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.