My computer is infected [Closed]



#1
alshinhap


Hello! My computer has been somehow infected, there are ads popping and it is constantly running many strange processes.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Administrator (administrator) on MSHINHAP-LAP on 22-03-2015 16:31:59
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & SQL Server Distributed Replay Controller & SQL Server Distributed Replay Client & MSSQLSERVER (Available profiles: hp & Administrator & SQL Server Distributed Replay Controller & MsDtsServer110 & MSSQLServerOLAPService & SQL Server Distributed Replay Client & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER & Classic .NET AppPool & KPI Pool & DefaultAppPool & ASP.NET v4.0 Classic & ASP.NET v4.0)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\SU1M3ZmNlNGY0OQ\b786bdb3c67d.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-09] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [B2C_AGENT] => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [f552dd4c52e3] => C:\Program Files (x86)\SU1M3ZmNlNGY0OQ\b786bdb3c67d.exe [2385408 2014-12-21] ()
HKLM\...\Policies\Explorer: [NoDrives] 33554432
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-1586293289-611458422-2201173600-500\...\Run: [GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-15] (Google Inc.)
HKU\S-1-5-21-1586293289-611458422-2201173600-500\...\Run: [Mobile Partner] => C:\Program Files (x86)\MobileWiFi\MobileWiFi
HKU\S-1-5-21-1586293289-611458422-2201173600-500\...\Policies\Explorer: [NoDrives] 33554432
HKU\S-1-5-21-1586293289-611458422-2201173600-500\...\MountPoints2: {51028fd0-5cd1-11e4-87c9-e02a82206dd2} - G:\AutoRun.exe /AUTORUN
HKU\S-1-5-21-1586293289-611458422-2201173600-500\...\MountPoints2: {a6bebe3b-c05c-11e4-aa2a-3c4a9202098b} - G:\AutoRun.exe
HKU\S-1-5-21-1586293289-611458422-2201173600-500\...\MountPoints2: {a6bebe4a-c05c-11e4-aa2a-3c4a9202098b} - G:\AutoRun.exe
HKU\S-1-5-21-1586293289-611458422-2201173600-500\...\MountPoints2: {a6bebe71-c05c-11e4-aa2a-3c4a9202098b} - G:\AutoRun.exe
HKU\S-1-5-21-1586293289-611458422-2201173600-500\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-80-1337333740-2787872843-2774717225-1767203911-559312492\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: C:\PROGRA~2\SW_X64~1.BOO => C:\Program Files (x86)\SW_x64.Booster [4210176 2014-04-01] ()
AppInit_DLLs-x32: c:\progra~2\sw30e4~1.boo => c:\Program Files (x86)\SW.Booster [4296192 2014-04-01] ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\M.Shinhap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1586293289-611458422-2201173600-500] => 192.168.1.241:8080
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....google.com&OSP=
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....google.com&OSP=
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....google.com&OSP=
HKU\S-1-5-21-1586293289-611458422-2201173600-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1586293289-611458422-2201173600-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1586293289-611458422-2201173600-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....Box&FORM=IESR02
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-1337333740-2787872843-2774717225-1767203911-559312492 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-16] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-16] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll [2010-07-22] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 86.51.34.24 86.51.35.24
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m0ua27vr.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Extension: Security Protection - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m0ua27vr.default\Extensions\[email protected] [2014-12-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m0ua27vr.default\extensions\[email protected]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Web) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2014-12-28]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-09]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-09]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2015-01-13] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2015-01-13] (Macrovision Europe Ltd.) [File not signed]
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Medica Service; C:\Program Files (x86)\MedicaPlus\KPI Service\KPIService.exe [40448 2014-11-10] () [File not signed]
S4 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218200 2012-02-11] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S4 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-03-19] (Enigma Software Group USA, LLC.)
R2 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
R2 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
S2 DCE; C:\Program Files\DCE\dce.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R1 b786bdb3c67d; C:\Windows\System32\drivers\b786bdb3c67d.sys [50504 2014-12-21] (Windows ® Win 7 DDK provider)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [43008 2010-10-14] (Motorola, Inc.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-03-19] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-03-19] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (EZB Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-22 16:32 - 2015-03-22 16:33 - 00026698 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-03-22 16:31 - 2015-03-22 16:32 - 00000000 ____D () C:\FRST
2015-03-22 16:27 - 2015-03-22 16:28 - 02095616 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-03-22 11:26 - 2015-03-22 11:27 - 00000000 ____D () C:\Users\Administrator\Desktop\444
2015-03-22 11:26 - 2015-03-22 11:26 - 44464139 _____ () C:\Users\Administrator\Downloads\Spyhunter version 4 cracked.zip
2015-03-22 10:57 - 2015-03-22 10:57 - 00000000 ____D () C:\Users\Administrator\Desktop\SpyHunter 4.14.5.4268 (FULL + Patch)
2015-03-22 10:57 - 2015-03-22 10:50 - 43796875 _____ () C:\Users\Administrator\Desktop\SpyHunter 4.14.5.4268 (FULL + Patch).zip
2015-03-22 10:56 - 2015-03-22 10:57 - 43796875 _____ () C:\Users\Administrator\Downloads\SpyHunter 4.14.5.4268 (FULL + Patch) (1).zip
2015-03-22 10:54 - 2015-03-22 10:54 - 00486400 _____ () C:\Users\Administrator\Downloads\Spy Hunter.exe
2015-03-22 10:49 - 2015-03-22 10:50 - 43796875 _____ () C:\Users\Administrator\Downloads\SpyHunter 4.14.5.4268 (FULL + Patch).zip
2015-03-19 16:35 - 2015-03-19 16:35 - 44409924 _____ () C:\Users\Administrator\Downloads\SpyHunter 4.17.6.4336 (FULL + Patch).zip
2015-03-19 14:24 - 2015-03-19 14:24 - 00000000 _____ () C:\autoexec.bat
2015-03-19 14:22 - 2015-03-19 14:22 - 00001087 _____ () C:\Users\Administrator\Desktop\SpyHunter.lnk
2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Enigma Software Group
2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\sh4ldr
2015-03-19 14:21 - 2015-03-19 14:21 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-03-19 14:21 - 2015-03-19 14:21 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-19 14:20 - 2015-03-19 14:20 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Administrator\Downloads\SpyHunter-Installer.exe
2015-03-19 14:12 - 2015-03-19 14:13 - 00002762 _____ () C:\Users\Administrator\Downloads\FSS.txt
2015-03-19 14:11 - 2015-03-19 14:11 - 00415232 _____ (Farbar) C:\Users\Administrator\Downloads\FSS.exe
2015-03-03 01:01 - 2015-03-03 01:01 - 00000038 _____ () C:\Users\Administrator\Desktop\رواتر موبيلي الشبح.txt
2015-03-02 02:04 - 2015-03-02 02:04 - 00000028 _____ () C:\Users\Administrator\Desktop\zain.txt
2015-03-02 01:17 - 2015-03-02 01:17 - 00001168 _____ () C:\Users\Public\Desktop\MobileWiFi.lnk
2015-03-02 01:17 - 2015-03-02 01:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2015-03-02 01:17 - 2015-03-02 01:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
2015-03-02 01:17 - 2015-03-02 01:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2015-03-02 01:16 - 2015-03-02 01:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2015-03-02 01:16 - 2014-05-16 08:49 - 00124800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_cdcacm.sys
2015-03-02 01:16 - 2014-05-04 11:26 - 00379392 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_wwanecm.sys
2015-03-02 01:16 - 2014-03-27 03:19 - 00457728 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2015-03-02 01:16 - 2013-11-30 12:11 - 00246272 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2015-03-02 01:16 - 2013-11-30 12:10 - 00110592 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2015-03-02 01:16 - 2013-11-30 12:10 - 00091648 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2015-03-02 01:16 - 2013-11-30 12:10 - 00077312 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2015-03-02 01:16 - 2013-11-30 12:10 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2015-03-02 01:16 - 2013-11-30 11:55 - 00226176 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2015-03-02 01:16 - 2013-01-25 04:16 - 00109568 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2015-03-02 01:16 - 2012-12-22 04:46 - 00014976 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2015-03-02 01:16 - 2012-08-20 03:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-03-02 01:16 - 2012-08-20 03:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2015-03-02 01:16 - 2010-10-08 11:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2015-03-02 01:16 - 2010-09-26 13:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2015-03-02 01:15 - 2015-03-02 01:17 - 00000000 ____D () C:\ProgramData\DatacardService
2015-03-02 01:15 - 2015-03-02 01:16 - 00000000 ____D () C:\Program Files (x86)\MobileWiFi
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-22 16:17 - 2012-04-14 18:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 16:11 - 2013-12-04 15:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2015-03-22 10:53 - 2014-06-23 13:16 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-22 10:44 - 2012-03-22 09:29 - 01478906 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 10:14 - 2012-04-14 18:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 15:59 - 2013-12-04 12:42 - 00000000 ____D () C:\Users\Administrator\Documents\SQL Server Management Studio
2015-03-18 15:15 - 2015-01-01 17:41 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-03-18 15:15 - 2015-01-01 17:41 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-17 14:53 - 2013-12-05 13:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2015-03-17 14:52 - 2013-12-05 13:56 - 00001045 _____ () C:\Users\Administrator\Desktop\Dropbox.lnk
2015-03-17 14:52 - 2013-12-05 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-17 14:47 - 2009-07-14 07:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 14:47 - 2009-07-14 07:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 14:41 - 2009-07-14 08:13 - 01218704 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 14:36 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-03-17 14:35 - 2012-06-30 01:57 - 00002397 _____ () C:\Windows\SysWOW64\lgAxconfig.ini
2015-03-17 14:34 - 2015-02-10 01:59 - 00011592 _____ () C:\Windows\setupact.log
2015-03-17 14:34 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 13:51 - 2014-11-19 13:44 - 00023941 _____ () C:\Windows\MedicaData.xml
2015-03-16 16:15 - 2013-11-21 11:39 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-16 16:15 - 2013-11-21 11:39 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-16 16:11 - 2014-06-29 10:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-03 16:17 - 2010-11-21 06:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2014-04-01 11:56 - 2014-04-01 11:56 - 4296192 _____ () C:\Program Files (x86)\SW.Booster
2014-04-01 11:56 - 2014-04-01 11:56 - 0174928 _____ () C:\Program Files (x86)\SWSvc.dll
2014-04-01 11:56 - 2014-04-01 11:56 - 4210176 _____ () C:\Program Files (x86)\SW_x64.Booster
2013-12-23 13:44 - 2013-12-23 13:44 - 0000101 _____ () C:\Users\Administrator\AppData\Local\fusioncache.dat
2015-01-13 09:52 - 2015-01-21 19:36 - 0003850 _____ () C:\Users\Administrator\AppData\Local\mbt-actwiz.log
2014-11-10 15:22 - 2014-11-11 08:47 - 0007631 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdidvq6.dll
C:\Users\Administrator\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-17 15:55
 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Administrator at 2015-03-22 16:34:09
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
ActiveGanttVB Scheduler Component V2.6.4 Release (HKLM-x32\...\{5EF99E18-14F2-4E85-A125-1ECBDC62F043}) (Version: 2.6.4 - The Source Code Store LLC)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKU\S-1-5-21-1586293289-611458422-2201173600-500\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)
AxCrypt 1.7.2931.0 (HKLM\...\{E191812E-F3A0-4F87-98D9-DCD03321278D}) (Version: 1.7.2931.0 - Axantum Software AB)
Beyond Compare Version 3.3.4 (HKLM-x32\...\BeyondCompare3_is1) (Version:  - Scooter Software)
Calder (HKLM-x32\...\{CCC0DA0F-4CAF-4F9D-842F-794C0DA47382}) (Version: 2.4.4 - Microsoft)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Crystal Reports (HKLM-x32\...\{7699B723-9718-41DE-8C18-549F341C02CE}) (Version: 8.5.0.2176 - Seagate Software, Inc.)
Crystal Reports 2008 SP3 (HKLM-x32\...\{068857D8-FDD1-4F29-8F74-E9DE91E8A587}) (Version: 12.3.0.601 - SAP AG)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Distributed Computing Experiment (HKLM\...\Distributed Computing Experiment) (Version:  - )
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Dropbox (HKU\S-1-5-21-1586293289-611458422-2201173600-500\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.12201.1116 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.7.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.7.0 - )
KPI Service (HKLM-x32\...\{8569633F-CA9D-4427-8980-CD487B571611}) (Version: 1.0.0 - MedicaPlus)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Outlook Web Access S/MIME (2007) (HKLM-x32\...\{CF1A6387-88F6-4BD9-B0BE-EA1AF7024C7C}) (Version: 8.3.105.0 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM-x32\...\Visual Studio 6.0 Enterprise Edition) (Version:  - )
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VM for Java (HKLM-x32\...\MsJavaVM) (Version:  - )
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version:  - )
MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.12.10.00 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 13.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 13.0.1 (x86 en-US)) (Version: 13.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.42.280 - Motorola, Inc.)
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM-x32\...\{4A10D640-13F1-4A13-BAD1-3E3790511B17}) (Version: 13.0.10.1385 - SAP)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2012 Analysis Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Distributed Replay (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Master Data Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
T2MP3 Setup (HKLM-x32\...\{EB16F226-A0D6-4C34-859D-49EDC1499D21}) (Version: 1.0.0 - speechworkers)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
UltraISO Premium V9.35 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Uninstall AdeptSQL Diff (HKLM-x32\...\{BAA4F196-E731-415B-A330-A046A8339C72}_is1) (Version: 1.98 [Build 104] - Adept SQL Tools)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{6A1F4E2C-D10A-411B-A95C-EC6D38066DA7}) (Version: 4.1.60909.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1586293289-611458422-2201173600-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586293289-611458422-2201173600-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586293289-611458422-2201173600-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586293289-611458422-2201173600-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586293289-611458422-2201173600-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586293289-611458422-2201173600-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586293289-611458422-2201173600-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586293289-611458422-2201173600-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586293289-611458422-2201173600-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586293289-611458422-2201173600-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
20-02-2015 09:59:17 Windows Update
25-02-2015 13:58:34 Windows Update
02-03-2015 01:00:06 Windows Update
07-03-2015 15:42:36 Windows Update
16-03-2015 13:15:42 Windows Update
22-03-2015 10:24:47 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2015-02-18 14:48 - 00000887 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1349E49D-FBFA-4839-9D4D-60974F4981E9} - System32\Tasks\SPMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SYSPLA~2.DLL ,Command701 update1 <==== ATTENTION
Task: {45ACB199-D79F-4D1F-A2AA-3F74B062851F} - System32\Tasks\{D5ADDFFE-0E98-4999-97E3-9F554314ACC3} => C:\speechworkers\T2MP3 Setup\T2M.exe
Task: {5A3DC48A-1B98-43E0-8640-5F67589C4C4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14] (Google Inc.)
Task: {7EEB9197-9CF8-4E2D-85F1-ED750E13CF08} - System32\Tasks\{BA56761A-0D40-482B-ADA9-5525ECF1F94C} => pcalua.exe -a C:\Users\Administrator\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=sky
Task: {8428DD6B-1E8E-455E-B27A-8C84FF7C0B60} - System32\Tasks\{562152E9-B1F6-4FAD-B405-6204A51273A1} => pcalua.exe -a C:\Users\M.Shinhap\Downloads\B2CAppSetup.exe -d C:\Users\M.Shinhap\Downloads
Task: {92F38E6A-C46E-4662-8DBE-E70C9E0E53FD} - System32\Tasks\{A38D143B-8229-4AD1-B2C3-90F7D1E9F9FC} => C:\speechworkers\T2MP3 Setup\T2M.exe
Task: {CB5D2E12-27E2-46AE-BBEB-AEBCD6CC8885} - System32\Tasks\SysPlayerUpd => C:\Program Files (x86)\SysPlayer\updater.exe [2013-12-18] (Goobzo)
Task: {D0207692-8FB3-435E-A3B0-247A3C299525} - System32\Tasks\{52C06D99-D940-4415-8D94-D74A3F9452D9} => C:\speechworkers\T2MP3 Setup\T2M.exe
Task: {D1784709-DA8C-4C04-8F22-AD84A677CECC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14] (Google Inc.)
Task: {E1DF2AE8-530D-42E0-BDED-FF1C5D345DF7} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {EA7E5804-538E-44DA-B844-7F29C616EC5A} - System32\Tasks\{51B75F8A-3939-471D-9310-82B876DC03F4} => C:\speechworkers\T2MP3 Setup\T2M.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-01-15 06:42 - 2014-01-15 06:42 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-01-13 09:36 - 2010-10-25 16:44 - 21705296 _____ () C:\Program Files\Motorola\Bluetooth\btmshell.dll
2014-12-21 04:27 - 2014-12-21 04:27 - 02385408 _____ () C:\Program Files (x86)\SU1M3ZmNlNGY0OQ\b786bdb3c67d.exe
2015-03-05 01:08 - 2015-03-05 01:08 - 00750080 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-17 14:53 - 2015-03-17 14:53 - 00043008 _____ () c:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdidvq6.dll
2015-03-05 01:08 - 2015-03-05 01:08 - 00047616 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 01:08 - 2015-03-05 01:08 - 00865280 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 01:07 - 2015-03-05 01:07 - 00200704 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-10-05 04:52 - 2011-10-05 04:52 - 00756048 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2008-10-26 06:42 - 2008-10-26 06:42 - 00065376 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2006-10-27 16:35 - 2006-10-27 16:35 - 00436512 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2014-04-01 11:56 - 2014-04-01 11:56 - 04296192 _____ () c:\Program Files (x86)\SW.Booster
2014-11-20 10:26 - 2014-11-15 00:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-20 10:26 - 2014-11-15 00:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-20 10:26 - 2014-11-15 00:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-20 10:26 - 2014-11-15 00:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:B3DC73B7
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1586293289-611458422-2201173600-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 86.51.34.24 - 86.51.35.24
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1586293289-611458422-2201173600-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1586293289-611458422-2201173600-1015 - Limited - Enabled)
Guest (S-1-5-21-1586293289-611458422-2201173600-501 - Limited - Disabled)
hp (S-1-5-21-1586293289-611458422-2201173600-1000 - Limited - Enabled) => C:\Users\hp
m.shinhap (S-1-5-21-1586293289-611458422-2201173600-1023 - Administrator - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: iphttpsinterface
Description: Microsoft IP-HTTPS Platform Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft Loopback Adapter
Description: Microsoft Loopback Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: msloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/22/2015 02:34:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.0.0.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1424
 
Start Time: 01d061687aaa46e1
 
Termination Time: 759
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id: 7029855f-d087-11e4-9635-3c4a9202098b
 
Error: (03/22/2015 00:01:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000005339d
Faulting process id: 0x2c74
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (03/22/2015 11:32:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000005339d
Faulting process id: 0x2e9c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (03/22/2015 11:16:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000005339d
Faulting process id: 0x2bc0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (03/22/2015 11:16:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000005339d
Faulting process id: 0x1194
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (03/22/2015 11:15:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000005339d
Faulting process id: 0x2c28
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (03/22/2015 11:08:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000005339d
Faulting process id: 0x2308
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (03/22/2015 11:03:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000005339d
Faulting process id: 0x24bc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (03/22/2015 10:15:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000005339d
Faulting process id: 0x2eb4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (03/19/2015 04:35:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x546fdf97
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000005339d
Faulting process id: 0x11bc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
 
System errors:
=============
Error: (03/22/2015 04:35:35 PM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: application-specificLocalActivation{6DF8CB71-153B-4C66-8FC4-E59301B8011B}{961AD749-64E9-4BD5-BCC8-ECE8BA0E241F}NT SERVICESQL Server Distributed Replay ClientS-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568LocalHost (Using LRPC)
 
Error: (03/22/2015 04:35:32 PM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: application-specificLocalActivation{6DF8CB71-153B-4C66-8FC4-E59301B8011B}{961AD749-64E9-4BD5-BCC8-ECE8BA0E241F}NT SERVICESQL Server Distributed Replay ClientS-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568LocalHost (Using LRPC)
 
Error: (03/22/2015 04:35:29 PM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: application-specificLocalActivation{6DF8CB71-153B-4C66-8FC4-E59301B8011B}{961AD749-64E9-4BD5-BCC8-ECE8BA0E241F}NT SERVICESQL Server Distributed Replay ClientS-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568LocalHost (Using LRPC)
 
Error: (03/22/2015 04:35:26 PM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: application-specificLocalActivation{6DF8CB71-153B-4C66-8FC4-E59301B8011B}{961AD749-64E9-4BD5-BCC8-ECE8BA0E241F}NT SERVICESQL Server Distributed Replay ClientS-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568LocalHost (Using LRPC)
 
Error: (03/22/2015 04:35:23 PM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: application-specificLocalActivation{6DF8CB71-153B-4C66-8FC4-E59301B8011B}{961AD749-64E9-4BD5-BCC8-ECE8BA0E241F}NT SERVICESQL Server Distributed Replay ClientS-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568LocalHost (Using LRPC)
 
Error: (03/22/2015 04:35:20 PM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: application-specificLocalActivation{6DF8CB71-153B-4C66-8FC4-E59301B8011B}{961AD749-64E9-4BD5-BCC8-ECE8BA0E241F}NT SERVICESQL Server Distributed Replay ClientS-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568LocalHost (Using LRPC)
 
Error: (03/22/2015 04:35:17 PM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: application-specificLocalActivation{6DF8CB71-153B-4C66-8FC4-E59301B8011B}{961AD749-64E9-4BD5-BCC8-ECE8BA0E241F}NT SERVICESQL Server Distributed Replay ClientS-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568LocalHost (Using LRPC)
 
Error: (03/22/2015 04:35:14 PM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: application-specificLocalActivation{6DF8CB71-153B-4C66-8FC4-E59301B8011B}{961AD749-64E9-4BD5-BCC8-ECE8BA0E241F}NT SERVICESQL Server Distributed Replay ClientS-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568LocalHost (Using LRPC)
 
Error: (03/22/2015 04:35:11 PM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: application-specificLocalActivation{6DF8CB71-153B-4C66-8FC4-E59301B8011B}{961AD749-64E9-4BD5-BCC8-ECE8BA0E241F}NT SERVICESQL Server Distributed Replay ClientS-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568LocalHost (Using LRPC)
 
Error: (03/22/2015 04:35:08 PM) (Source: DCOM) (EventID: 10016) (User: NT SERVICE)
Description: application-specificLocalActivation{6DF8CB71-153B-4C66-8FC4-E59301B8011B}{961AD749-64E9-4BD5-BCC8-ECE8BA0E241F}NT SERVICESQL Server Distributed Replay ClientS-1-5-80-3249811479-2167633679-2115734285-1138413726-166979568LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 75%
Total physical RAM: 2997.86 MB
Available physical RAM: 723.32 MB
Total Pagefile: 6821.53 MB
Available Pagefile: 756.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:102.68 GB) (Free:5.83 GB) NTFS
Drive d: () (Fixed) (Total:195.31 GB) (Free:1.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================

 

 




#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, first a word of warning. Downloading a cracked antimalware programme may well mean that you end up with more than you started with.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [f552dd4c52e3] => C:\Program Files (x86)\SU1M3ZmNlNGY0OQ\b786bdb3c67d.exe [2385408 2014-12-21] ()
AppInit_DLLs: C:\PROGRA~2\SW_X64~1.BOO => C:\Program Files (x86)\SW_x64.Booster [4210176 2014-04-01] ()
AppInit_DLLs-x32: c:\progra~2\sw30e4~1.boo => c:\Program Files (x86)\SW.Booster [4296192 2014-04-01] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1586293289-611458422-2201173600-500] => 192.168.1.241:8080
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Extension: Security Protection - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m0ua27vr.default\Extensions\[email protected] [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m0ua27vr.default\extensions\[email protected]
S2 DCE; C:\Program Files\DCE\dce.exe [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-03-19] (Enigma Software Group USA, LLC.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-03-19] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-03-19] ()
2015-03-22 11:26 - 2015-03-22 11:26 - 44464139 _____ () C:\Users\Administrator\Downloads\Spyhunter version 4 cracked.zip
2015-03-22 10:57 - 2015-03-22 10:57 - 00000000 ____D () C:\Users\Administrator\Desktop\SpyHunter 4.14.5.4268 (FULL + Patch)
2015-03-22 10:57 - 2015-03-22 10:50 - 43796875 _____ () C:\Users\Administrator\Desktop\SpyHunter 4.14.5.4268 (FULL + Patch).zip
2015-03-22 10:56 - 2015-03-22 10:57 - 43796875 _____ () C:\Users\Administrator\Downloads\SpyHunter 4.14.5.4268 (FULL + Patch) (1).zip
2015-03-22 10:54 - 2015-03-22 10:54 - 00486400 _____ () C:\Users\Administrator\Downloads\Spy Hunter.exe
2015-03-22 10:49 - 2015-03-22 10:50 - 43796875 _____ () C:\Users\Administrator\Downloads\SpyHunter 4.14.5.4268 (FULL + Patch).zip
2015-03-19 16:35 - 2015-03-19 16:35 - 44409924 _____ () C:\Users\Administrator\Downloads\SpyHunter 4.17.6.4336 (FULL + Patch).zip
2015-03-19 14:22 - 2015-03-19 14:22 - 00001087 _____ () C:\Users\Administrator\Desktop\SpyHunter.lnk
2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-03-19 14:22 - 2015-03-19 14:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Enigma Software Group
2015-03-19 14:21 - 2015-03-19 14:21 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-19 14:20 - 2015-03-19 14:20 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Administrator\Downloads\SpyHunter-Installer.exe
2015-03-19 14:21 - 2015-03-19 14:21 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-04-01 11:56 - 2014-04-01 11:56 - 4296192 _____ () C:\Program Files (x86)\SW.Booster
2014-04-01 11:56 - 2014-04-01 11:56 - 0174928 _____ () C:\Program Files (x86)\SWSvc.dll
2014-04-01 11:56 - 2014-04-01 11:56 - 4210176 _____ () C:\Program Files (x86)\SW_x64.Booster
Task: {1349E49D-FBFA-4839-9D4D-60974F4981E9} - System32\Tasks\SPMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SYSPLA~2.DLL ,Command701 update1 <==== ATTENTION
Task: {7EEB9197-9CF8-4E2D-85F1-ED750E13CF08} - System32\Tasks\{BA56761A-0D40-482B-ADA9-5525ECF1F94C} => pcalua.exe -a C:\Users\Administrator\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=sky
Task: {8428DD6B-1E8E-455E-B27A-8C84FF7C0B60} - System32\Tasks\{562152E9-B1F6-4FAD-B405-6204A51273A1} => pcalua.exe -a C:\Users\M.Shinhap\Downloads\B2CAppSetup.exe -d C:\Users\M.Shinhap\Downloads
Task: {92F38E6A-C46E-4662-8DBE-E70C9E0E53FD} - System32\Tasks\{A38D143B-8229-4AD1-B2C3-90F7D1E9F9FC} => C:\speechworkers\T2MP3 Setup\T2M.exe
Task: {CB5D2E12-27E2-46AE-BBEB-AEBCD6CC8885} - System32\Tasks\SysPlayerUpd => C:\Program Files (x86)\SysPlayer\updater.exe [2013-12-18] (Goobzo)
C:\Program Files\DCE
C:\Program Files (x86)\SU1M3ZmNlNGY0OQ
C:\PROGRA~1\COMMON~1\System\SYSPLA~2.DLL
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
FINALLY

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.



On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.