Jump to content

jjoyner1985

Honorary Members
  • Posts

    31
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Sorry about the delay on replying. I'm in the process of leaving my current job and starting a new one. So, it's become very busy around here lately. Anyhow, I have pointed this thread out to the owner of the PC and emphasized the importance of your last post and the links therein. Also, I just completed the donation process. Thank you for your help. Mods, you have the greenlight from me to close this thread.
  2. Here you are. Deleted : C:\Users\savas.kyriakidis\Desktop\JRT.txtDeleted : C:\Users\savas.kyriakidis\Downloads\ComboFix.exeDeleted : C:\Windows\grep.exeDeleted : C:\Windows\PEV.exeDeleted : C:\Windows\NIRCMD.exeDeleted : C:\Windows\MBR.exeDeleted : C:\Windows\SED.exeDeleted : C:\Windows\SWREG.exeDeleted : C:\Windows\SWSC.exeDeleted : C:\Windows\SWXCACLS.exeDeleted : C:\Windows\Zip.exeDeleted : HKLM\SOFTWARE\AdwCleanerDeleted : HKLM\SOFTWARE\SwearwareDeleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe ~ Cleaning system restore ... Deleted : RP #2081 [scheduled Checkpoint | 08/11/2014 02:11:41]Deleted : RP #2082 [scheduled Checkpoint | 08/11/2014 15:01:42]Deleted : RP #2083 [scheduled Checkpoint | 08/12/2014 10:45:08]Deleted : RP #2084 [scheduled Checkpoint | 08/14/2014 02:36:25]Deleted : RP #2086 [Tuneup Pro Thu, Aug 14, 14 17:59 | 08/14/2014 21:59:38]Deleted : RP #2088 [Advanced-System Protector | 08/14/2014 23:31:34]Deleted : RP #2089 [Removed SofTest | 08/15/2014 23:47:04]Deleted : RP #2090 [Removed DriverUpdate | 08/16/2014 13:18:06]Deleted : RP #2091 [Removed HTC Sync. | 08/16/2014 13:29:10]Deleted : RP #2092 [Removed HTC Sync. | 08/16/2014 13:44:46]Deleted : RP #2093 [Removed HTC BMP USB Driver. | 08/16/2014 14:02:17]Deleted : RP #2095 [Advanced-System Protector | 08/16/2014 16:47:50]Deleted : RP #2096 [installed AVG 2014 | 08/16/2014 21:58:06]Deleted : RP #2097 [Removed SlimCleaner Plus | 08/16/2014 22:11:41]Deleted : RP #2098 [Removed HTC Driver Installer. | 08/16/2014 22:14:50]Deleted : RP #2099 [installed AVG 2014 | 08/17/2014 19:56:09]Deleted : RP #2100 [installed AVG 2014 | 08/17/2014 19:59:04]Deleted : RP #2101 [Removed AVG 2014 | 08/17/2014 20:03:04]Deleted : RP #2102 [installed AVG 2011 | 08/17/2014 20:04:51]Deleted : RP #2103 [installed AVG 2014 | 08/17/2014 21:08:16]Deleted : RP #2104 [installed AVG 2014 | 08/17/2014 21:16:20]Deleted : RP #2105 [Removed AVG 2014 | 08/17/2014 21:24:43]Deleted : RP #2106 [installed AVG 2011 | 08/17/2014 21:26:10]Deleted : RP #2108 [Advanced-System Protector | 08/19/2014 21:04:48]Deleted : RP #2110 [Advanced-System Protector | 08/21/2014 01:40:12]Deleted : RP #2111 [Checkpoint by HitmanPro | 08/23/2014 20:47:11]Deleted : RP #2112 [Removed AVG 2011 | 08/26/2014 12:19:57]Deleted : RP #2113 [Removed AVG 2011 | 08/26/2014 12:22:43]Deleted : RP #2114 [scheduled Checkpoint | 08/27/2014 04:00:00]Deleted : RP #2115 [Removed AVG 2011 | 08/27/2014 13:28:23]Deleted : RP #2117 [avast! antivirus system restore point | 08/27/2014 14:51:04]Deleted : RP #2118 [Removed Dell Dock | 08/27/2014 20:12:59]Deleted : RP #2119 [Removed Java 6 Update 5 | 08/27/2014 20:28:20] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ########## Thank you for all of your help. I will be donating.
  3. So, just an update from me? No scan? The system appears to be working much better now. The safer/codeidentifiers/0 section of the registry has not added back any restrictions on what applications can be run. No more Chrome auto-generating windows are appearing, pointed to an IP address. Everything looks good now, in my opinion.
  4. I'm afraid I'm not really sure what you are wanting, as your last post did not specify how you wanted me to update you about any remaining issues. I assume, because your last message consisted on a quote to your last reply yesterday concerning the Security Check log, that you want me to run that scan again. Here are the results. Results of screen317's Security Check version 0.99.87 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Adobe Reader 10.1.11 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 % ````````````````````End of Log`````````````````````` As you can see, they are the same as my reply yesterday.
  5. Okay. From playing around with Adobe's site, apparently Reader XI isn't available for Vista. So, that explains that.
  6. Here you go: Results of screen317's Security Check version 0.99.87 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Adobe Reader 10.1.11 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 % ````````````````````End of Log`````````````````````` About the line stating that Reader is out of date, I checked for updates from the program, and it claims that this version is the most up-to-date. I know Reader XI is out there, but Adobe doesn't seem to want to let me download it. If this isn't a serious concern, then just ignore this last part of my post.
  7. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:23-08-2014 Ran by savas.kyriakidis at 2014-08-27 14:33:58 Run:2 Running from F:\ Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/w...C05RDIwQy0zN1RT"&"inst=NzctMTIyNzA3NzAwOS1GSSsxLUZMMTArMS1ERFQrMC1UVUcrMy1MU0QrM (the data entry has 100 more characters). Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk ShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] 2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat 2014-08-19 23:07 - 2014-08-27 09:44 - 00000000 ____D () C:\ProgramData\GlarySoft 2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe 2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe 2014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe 2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe 2014-08-14 18:19 - 2014-08-27 09:44 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft 2014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag 2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe 2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe 2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe 2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe 2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe 2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe 2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe 2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe 2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe 2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe 2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe 2014-08-27 10:44 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG 2014-08-27 10:41 - 2014-08-27 10:41 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\savas.kyriakidis\Downloads\avg_remover_stf_x86_2014_4116.exe 2014-08-27 09:44 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft 2014-08-27 09:44 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft 2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps 2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc 2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers 2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - \{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} No Task File <==== ATTENTION Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe C:\Program Files\SlimCleaner Plus Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe C:\Program Files\AVG Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - \Time Trigger Test Task No Task File <==== ATTENTION Task: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - \Security Center Update - 754758581 No Task File <==== ATTENTION Task: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTION CMD: netsh winsock reset EmptyTemp: end ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => value deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk => Moved successfully. C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found. Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007" => Key deleted successfully. catchme => Service deleted successfully. C:\ProgramData\HitmanPro => Moved successfully. C:\Toolbars.dat => Moved successfully. C:\ProgramData\GlarySoft => Moved successfully. C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe => Moved successfully. C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft => Moved successfully. C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag => Moved successfully. C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\gu5setup.exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe => Moved successfully. C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe => Moved successfully. C:\Program Files\AVG => Moved successfully. C:\Users\savas.kyriakidis\Downloads\avg_remover_stf_x86_2014_4116.exe => Moved successfully. "C:\ProgramData\GlarySoft" => File/Directory not found. "C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft" => File/Directory not found. C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps => Moved successfully. C:\ProgramData\SlimWare Utilities Inc => Moved successfully. C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc => Moved successfully. C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers => Moved successfully. C:\Program Files\DriverUpdate => Moved successfully. C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully. C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C22BB22A-70B9-4AEA-B6E6-2234A457F078}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C22BB22A-70B9-4AEA-B6E6-2234A457F078}" => Key deleted successfully. C:\Windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis)" => Key deleted successfully. "C:\Program Files\SlimCleaner Plus" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C22BB22A-70B9-4AEA-B6E6-2234A457F078}" => Key not found. C:\Windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis)" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{510F6543-BD19-48A5-9E5E-D5E371879760}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{510F6543-BD19-48A5-9E5E-D5E371879760}" => Key deleted successfully. C:\Windows\System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon" => Key deleted successfully. "C:\Program Files\AVG" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{510F6543-BD19-48A5-9E5E-D5E371879760}" => Key not found. C:\Windows\System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Time Trigger Test Task" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2343967C-C69F-44DE-8AA3-E9113A3466E5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2343967C-C69F-44DE-8AA3-E9113A3466E5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 754758581" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D455FF0-01E6-438C-A9D6-27C72AC03552}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D455FF0-01E6-438C-A9D6-27C72AC03552}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer" => Key deleted successfully. ========= netsh winsock reset ========= Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003 Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= EmptyTemp: => Removed 200 MB temporary data. The system needed a reboot. ==== End of Fixlog ====
  8. Addition Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014Ran by savas.kyriakidis at 2014-08-27 10:58:04Running from F:\Boot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) HiddenAcrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) HiddenActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) HiddenAdobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)bpd_scan (Version: 3.00.0000 - Hewlett-Packard) HiddenBPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) HiddenBPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) HiddenBrowser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)BufferChm (Version: 120.0.194.000 - Hewlett-Packard) HiddenCatalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) HiddenCCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help English (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help French (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help German (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Italian (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Korean (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Polish (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Thai (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hiddenccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hiddenccc-utility (Version: 2007.0731.2234.38497 - ATI) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)Destination Component (Version: 110.0.0.0 - Hewlett-Packard) HiddenDeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) HiddenDocMgr (Version: 120.0.000.000 - Hewlett-Packard) HiddenDocProc (Version: 12.0.0.0 - Hewlett-Packard) HiddenEDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )Fax (Version: 120.0.194.000 - Hewlett-Packard) HiddenFeedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) HiddenHP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) HiddenHPSSupply (Version: 120.0.194.000 - Hewlett-Packard) HiddenHTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)join.me (HKCU\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) HiddenMediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 2 (SP2) (Version: - Microsoft) HiddenMicrosoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version: - Microsoft) HiddenMicrosoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)Network (Version: 120.0.194.000 - Hewlett-Packard) HiddenOCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)ProductContext (Version: 50.0.165.000 - Hewlett-Packard) HiddenQuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )Roxio Creator Audio (Version: 3.7.0 - Roxio) HiddenRoxio Creator Copy (Version: 3.7.0 - Roxio) HiddenRoxio Creator Data (Version: 3.7.0 - Roxio) HiddenRoxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)Roxio Creator DE (Version: 3.7.0 - Roxio) HiddenRoxio Creator Tools (Version: 3.7.0 - Roxio) HiddenRoxio Express Labeler 3 (Version: 3.2.1 - Roxio) HiddenRoxio Update Manager (Version: 6.0.0 - Roxio) HiddenSAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) HiddenScan (Version: 12.0.0.0 - Hewlett-Packard) HiddenShop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)Skins (Version: 2007.0731.2234.38497 - ATI) HiddenSmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) HiddenSolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) HiddenSpelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)Status (Version: 120.0.194.000 - Hewlett-Packard) HiddenTeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)Toolbox (Version: 120.0.194.000 - Hewlett-Packard) HiddenTransporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)TrayApp (Version: 120.0.194.000 - Hewlett-Packard) HiddenUnloadSupport (Version: 11.0.0 - Hewlett-Packard) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version: - Microsoft)Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version: - Microsoft)Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 04-08-2014 04:00:03 Scheduled Checkpoint07-08-2014 22:48:19 Scheduled Checkpoint11-08-2014 02:11:41 Scheduled Checkpoint11-08-2014 15:01:42 Scheduled Checkpoint12-08-2014 10:45:08 Scheduled Checkpoint14-08-2014 02:36:25 Scheduled Checkpoint14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14 17:5914-08-2014 23:31:34 Advanced-System Protector15-08-2014 23:47:04 Removed SofTest16-08-2014 13:18:06 Removed DriverUpdate16-08-2014 13:29:10 Removed HTC Sync.16-08-2014 13:44:46 Removed HTC Sync.16-08-2014 14:02:17 Removed HTC BMP USB Driver.16-08-2014 16:47:50 Advanced-System Protector16-08-2014 21:58:06 Installed AVG 201416-08-2014 22:11:41 Removed SlimCleaner Plus16-08-2014 22:14:50 Removed HTC Driver Installer.17-08-2014 19:56:09 Installed AVG 201417-08-2014 19:59:04 Installed AVG 201417-08-2014 20:03:04 Removed AVG 201417-08-2014 20:04:51 Installed AVG 201117-08-2014 21:08:16 Installed AVG 201417-08-2014 21:16:20 Installed AVG 201417-08-2014 21:24:43 Removed AVG 201417-08-2014 21:26:10 Installed AVG 201119-08-2014 21:04:48 Advanced-System Protector21-08-2014 01:40:12 Advanced-System Protector23-08-2014 20:47:11 Checkpoint by HitmanPro26-08-2014 12:19:57 Removed AVG 201126-08-2014 12:22:43 Removed AVG 201127-08-2014 04:00:00 Scheduled Checkpoint27-08-2014 13:28:23 Removed AVG 201127-08-2014 14:51:04 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-08-23 14:19 - 2014-08-26 09:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0821BB22-0238-4066-B790-B68CCD3016F9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-27] (AVAST Software)Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTIONTask: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exeTask: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - \Security Center Update - 754758581 No Task File <==== ATTENTIONTask: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exeTask: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - \Time Trigger Test Task No Task File <==== ATTENTIONTask: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exeTask: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exeTask: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exeTask: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTIONTask: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exeTask: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - \{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} No Task File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe ==================== Loaded Modules (whitelisted) ============= 2008-08-06 15:17 - 2007-08-20 01:08 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll2012-05-16 21:52 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe2012-05-16 21:52 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll2014-08-27 10:53 - 2014-08-27 10:53 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-08-27 10:53 - 2014-08-27 10:53 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Microsoft 6to4 Adapter #2Description: Microsoft 6to4 AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet 1022nDescription: HP LaserJet 1022nClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Deskjet 6940 seriesDescription: Deskjet 6940 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp LaserJet 2420Description: hp LaserJet 2420Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Deskjet 6980 seriesDescription: Deskjet 6980 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Deskjet 6980 seriesDescription: Deskjet 6980 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2035nDescription: HP LaserJet P2035nClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet CP1025nwDescription: HP LaserJet CP1025nwClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP Color LaserJet CP2025dnDescription: HP Color LaserJet CP2025dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2035nDescription: HP LaserJet P2035nClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet 200 color M251nwDescription: HP LaserJet 200 color M251nwClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP Color LaserJet CP2025dnDescription: HP Color LaserJet CP2025dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp LaserJet 1300Description: hp LaserJet 1300Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp LaserJet 1300Description: hp LaserJet 1300Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet CP1525nwDescription: HP LaserJet CP1525nwClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp LaserJet 1300Description: hp LaserJet 1300Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet M1536dnf MFPDescription: HP LaserJet M1536dnf MFPClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2055dnDescription: HP LaserJet P2055dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2035nDescription: HP LaserJet P2035nClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp color LaserJet 4650Description: hp color LaserJet 4650Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet 400 M401dneDescription: HP LaserJet 400 M401dneClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2055dnDescription: HP LaserJet P2055dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Deskjet 6980 seriesDescription: Deskjet 6980 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (08/27/2014 10:50:59 AM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {3f5e2f72-1c1d-4100-813d-a6324b86f683} Error: (08/27/2014 10:47:29 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2014 10:39:15 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2014 09:32:53 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2014 02:05:12 PM) (Source: Perflib) (EventID: 1010) (User: )Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (08/26/2014 09:27:53 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2014 08:25:49 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8, faulting module iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8, exception code 0x40000015, fault offset 0x0008d1c0,process id 0x17d4, application start time 0xiexplore.exe0. Error: (08/26/2014 08:02:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_2584_29457\CRX_INSTALL\_LOCALES\ES_419\MESSAGES.JSON> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/26/2014 08:02:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/26/2014 08:02:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) System errors:=============Error: (08/27/2014 10:48:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026) Error: (08/27/2014 10:40:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026) Error: (08/27/2014 10:39:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: AVGIDSDriverAVGIDSShim Error: (08/27/2014 10:39:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: AVGIDSAgentAVGIDSDriver%%31 Error: (08/27/2014 10:38:09 AM) (Source: Dhcp) (EventID: 1002) (User: )Description: The IP address lease 192.168.2.168 for the Network Card with network address 00219B005B31 has been denied by the DHCP server 192.168.37.10 (The DHCP Server sent a DHCPNACK message). Error: (08/27/2014 09:33:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026) Error: (08/27/2014 09:32:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: AVGIDSDriverAVGIDSShim Error: (08/27/2014 09:32:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: AVGIDSAgentAVGIDSDriver%%31 Error: (08/26/2014 09:30:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026) Error: (08/26/2014 09:27:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: AVGIDSDriverAVGIDSShim Microsoft Office Sessions:=========================Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228 seconds with 60 seconds of active time. This session ended with a crash. Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time. This session ended with a crash. Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors:=================================== Date: 2014-08-27 10:57:56.553 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 10:57:56.407 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 10:57:56.265 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 10:57:56.111 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 10:57:55.823 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 10:57:55.690 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 10:57:55.553 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 10:57:55.408 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 14:19:44.053 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 14:19:43.932 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHzPercentage of memory in use: 38%Total physical RAM: 3069.46 MBAvailable physical RAM: 1893.25 MBTotal Pagefile: 6373.2 MBAvailable Pagefile: 5221.76 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1902.3 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:221.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFSDrive f: (CC) (Removable) (Total:1.92 GB) (Free:1.87 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS) ========================================================Disk: 1 (Size: 1.9 GB) (Disk ID: E79A82AA)Partition 1: (Active) - (Size=1.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  9. FRST Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 27-08-2014 10:57:35Running from F:\Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SolarWinds) C:\Windows\dwrcs\DWRCST.EXE(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Microsoft Corporation) C:\Windows\ehome\ehtray.exe(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-08-27] (AVAST Software)HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctMTIyNzA3NzAwOS1GSSsxLUZMMTArMS1ERFQrMC1UVUcrMy1MU0QrM (the data entry has 100 more characters). HKLM\...\Policies\Explorer: [useDefaultTile] 0HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnkShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnkShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnkShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: 192.168.0.101:3128HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usSearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cabDPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabWinsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.0.10 192.168.0.9 FireFox:========FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-27]FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 Chrome: =======CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-27] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-27] (AVAST Software)R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-27] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-27] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-27] (AVAST Software)S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-27] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-27] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-27] (AVAST Software)R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-27] (AVAST Software)R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-27] ()S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-27 10:55 - 2014-08-27 10:55 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\AVAST Software2014-08-27 10:54 - 2014-08-27 10:54 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-08-27 10:54 - 2014-08-27 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast2014-08-27 10:53 - 2014-08-27 10:54 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.14091512502602014-08-27 10:53 - 2014-08-27 10:53 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-08-27 10:53 - 2014-08-27 10:53 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-08-27 10:53 - 2014-08-27 10:53 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-08-27 10:51 - 2014-08-27 10:51 - 00000000 ____D () C:\Program Files\AVAST Software2014-08-27 10:41 - 2014-08-27 10:46 - 00599660 _____ () C:\Users\savas.kyriakidis\Downloads\avgremover.log2014-08-27 10:41 - 2014-08-27 10:41 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\savas.kyriakidis\Downloads\avg_remover_stf_x86_2014_4116.exe2014-08-27 10:14 - 2014-08-27 10:14 - 00000916 _____ () C:\Users\savas.kyriakidis\Desktop\join.me.lnk2014-08-27 10:14 - 2014-08-27 10:14 - 00000916 _____ () C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk2014-08-27 10:14 - 2014-08-27 10:14 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn2014-08-27 10:14 - 2014-08-27 10:14 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\join.me2014-08-27 10:14 - 2014-08-27 10:14 - 00000000 ____D () C:\ProgramData\LogMeIn2014-08-27 10:03 - 2014-08-27 10:03 - 00000969 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk2014-08-27 10:03 - 2014-08-27 10:03 - 00000000 ____D () C:\Program Files\TeamViewer2014-08-26 09:34 - 2014-08-26 09:34 - 00025347 _____ () C:\ComboFix.txt2014-08-26 09:26 - 2014-08-27 09:30 - 00008108 _____ () C:\Windows\system32\commonpub.log2014-08-26 09:26 - 2014-08-27 09:30 - 00006006 _____ () C:\Windows\system32\commonpriv.log2014-08-26 09:26 - 2014-08-27 09:29 - 01024722 _____ () C:\Windows\system32\commonpriv.log.12014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpub.log.lock2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpriv.log.lock2014-08-25 16:22 - 2014-08-25 16:21 - 00001052 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt2014-08-23 16:54 - 2014-08-27 10:57 - 00000000 ____D () C:\FRST2014-08-23 16:30 - 2014-08-25 09:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-23 16:30 - 2014-08-25 08:26 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt2014-08-23 11:51 - 2014-08-25 17:03 - 00000000 ____D () C:\AdwCleaner2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK2014-08-22 16:12 - 2014-08-27 10:46 - 00046834 _____ () C:\Windows\PFRO.log2014-08-22 15:52 - 2014-08-26 09:34 - 00000000 ____D () C:\Qoobox2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development2014-08-22 13:25 - 2014-08-27 10:38 - 00001598 _____ () C:\Windows\setupact.log2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys2014-08-19 23:07 - 2014-08-27 09:44 - 00000000 ____D () C:\ProgramData\GlarySoft2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe2014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled2014-08-14 18:19 - 2014-08-27 09:44 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft2014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-27 10:57 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST2014-08-27 10:55 - 2014-08-27 10:55 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\AVAST Software2014-08-27 10:54 - 2014-08-27 10:54 - 00001875 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-08-27 10:54 - 2014-08-27 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast2014-08-27 10:54 - 2014-08-27 10:53 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00414392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.14091512502602014-08-27 10:53 - 2014-08-27 10:53 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-08-27 10:53 - 2014-08-27 10:53 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-08-27 10:53 - 2014-08-27 10:53 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-08-27 10:53 - 2014-08-27 10:53 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-08-27 10:51 - 2014-08-27 10:51 - 00000000 ____D () C:\Program Files\AVAST Software2014-08-27 10:49 - 2014-07-18 00:39 - 02083143 _____ () C:\Windows\WindowsUpdate.log2014-08-27 10:46 - 2014-08-27 10:41 - 00599660 _____ () C:\Users\savas.kyriakidis\Downloads\avgremover.log2014-08-27 10:46 - 2014-08-22 16:12 - 00046834 _____ () C:\Windows\PFRO.log2014-08-27 10:46 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job2014-08-27 10:46 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-27 10:46 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-08-27 10:46 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-08-27 10:44 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG2014-08-27 10:44 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-08-27 10:42 - 2006-11-02 06:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-27 10:41 - 2014-08-27 10:41 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\savas.kyriakidis\Downloads\avg_remover_stf_x86_2014_4116.exe2014-08-27 10:38 - 2014-08-22 13:25 - 00001598 _____ () C:\Windows\setupact.log2014-08-27 10:17 - 2011-12-22 18:52 - 00001356 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat2014-08-27 10:14 - 2014-08-27 10:14 - 00000916 _____ () C:\Users\savas.kyriakidis\Desktop\join.me.lnk2014-08-27 10:14 - 2014-08-27 10:14 - 00000916 _____ () C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk2014-08-27 10:14 - 2014-08-27 10:14 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn2014-08-27 10:14 - 2014-08-27 10:14 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\join.me2014-08-27 10:14 - 2014-08-27 10:14 - 00000000 ____D () C:\ProgramData\LogMeIn2014-08-27 10:11 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Deployment2014-08-27 10:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Apps\2.02014-08-27 10:03 - 2014-08-27 10:03 - 00000969 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk2014-08-27 10:03 - 2014-08-27 10:03 - 00000000 ____D () C:\Program Files\TeamViewer2014-08-27 09:44 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft2014-08-27 09:44 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft2014-08-27 09:30 - 2014-08-26 09:26 - 00008108 _____ () C:\Windows\system32\commonpub.log2014-08-27 09:30 - 2014-08-26 09:26 - 00006006 _____ () C:\Windows\system32\commonpriv.log2014-08-27 09:29 - 2014-08-26 09:26 - 01024722 _____ () C:\Windows\system32\commonpriv.log.12014-08-26 09:34 - 2014-08-26 09:34 - 00025347 _____ () C:\ComboFix.txt2014-08-26 09:34 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox2014-08-26 09:29 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpub.log.lock2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpriv.log.lock2014-08-26 08:38 - 2006-11-02 06:22 - 43515904 _____ () C:\Windows\system32\config\software.bak2014-08-26 08:38 - 2006-11-02 06:22 - 35389440 _____ () C:\Windows\system32\config\COMPON~3.bak2014-08-26 08:38 - 2006-11-02 06:22 - 21757952 _____ () C:\Windows\system32\config\system.bak2014-08-26 08:38 - 2006-11-02 06:22 - 01048576 _____ () C:\Windows\system32\config\default.bak2014-08-26 08:38 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security.bak2014-08-26 08:38 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak2014-08-26 08:37 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT2014-08-26 08:25 - 2011-02-13 09:42 - 00001945 _____ () C:\Windows\epplauncher.mif2014-08-26 08:23 - 2006-11-02 07:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2014-08-25 17:03 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner2014-08-25 16:21 - 2014-08-25 16:22 - 00001052 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt2014-08-25 09:54 - 2011-03-06 00:06 - 00047104 _____ () C:\Users\savas.kyriakidis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-08-25 09:35 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-25 09:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system2014-08-25 08:26 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas2014-08-23 14:32 - 2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe2014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch2014-08-12 17:13 - 2011-08-28 07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL Folders2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD, see Addition.txt for additional information. LastRegBack: 2014-08-27 10:57 ==================== End Of Log ============================
  10. AVG is out. Avast is in, and Glary is uninstalled. To be honest, I'm a little worried about the Glary thing. It is somehow getting installed on the computers at work, and I was a little suspicious of it when I first saw it on one of those PCs but guessed that one of my co-workers in IT decided to install it.
  11. Do you have a recommendation regarding the AV?
  12. Addition Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014Ran by savas.kyriakidis at 2014-08-26 14:19:50Running from F:\Boot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG Internet Security 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}AS: AVG Internet Security 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: AVG Firewall (Disabled) {621CC794-9486-F902-D092-0484E8EA828B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) HiddenAcrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) HiddenActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) HiddenAdobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )AVG 2011 (HKLM\...\AVG) (Version: 10.0.1416 - AVG Technologies)AVG 2011 (Version: 10.0.1388 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1390 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1391 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1392 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1410 - AVG Technologies) HiddenBonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)bpd_scan (Version: 3.00.0000 - Hewlett-Packard) HiddenBPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) HiddenBPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) HiddenBrowser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)BufferChm (Version: 120.0.194.000 - Hewlett-Packard) HiddenCatalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) HiddenCCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help English (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help French (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help German (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Italian (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Korean (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Polish (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Thai (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hiddenccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hiddenccc-utility (Version: 2007.0731.2234.38497 - ATI) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)Destination Component (Version: 110.0.0.0 - Hewlett-Packard) HiddenDeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) HiddenDocMgr (Version: 120.0.000.000 - Hewlett-Packard) HiddenDocProc (Version: 12.0.0.0 - Hewlett-Packard) HiddenEDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )Fax (Version: 120.0.194.000 - Hewlett-Packard) HiddenFeedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)Glary Utilities 5.6 (HKLM\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) HiddenHP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) HiddenHPSSupply (Version: 120.0.194.000 - Hewlett-Packard) HiddenHTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) HiddenMediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 2 (SP2) (Version: - Microsoft) HiddenMicrosoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version: - Microsoft) HiddenMicrosoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)Network (Version: 120.0.194.000 - Hewlett-Packard) HiddenOCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)ProductContext (Version: 50.0.165.000 - Hewlett-Packard) HiddenQuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )Roxio Creator Audio (Version: 3.7.0 - Roxio) HiddenRoxio Creator Copy (Version: 3.7.0 - Roxio) HiddenRoxio Creator Data (Version: 3.7.0 - Roxio) HiddenRoxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)Roxio Creator DE (Version: 3.7.0 - Roxio) HiddenRoxio Creator Tools (Version: 3.7.0 - Roxio) HiddenRoxio Express Labeler 3 (Version: 3.2.1 - Roxio) HiddenRoxio Update Manager (Version: 6.0.0 - Roxio) HiddenSAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) HiddenScan (Version: 12.0.0.0 - Hewlett-Packard) HiddenShop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)Skins (Version: 2007.0731.2234.38497 - ATI) HiddenSmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) HiddenSolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) HiddenSpelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)Status (Version: 120.0.194.000 - Hewlett-Packard) HiddenToolbox (Version: 120.0.194.000 - Hewlett-Packard) HiddenTransporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)TrayApp (Version: 120.0.194.000 - Hewlett-Packard) HiddenUnloadSupport (Version: 11.0.0 - Hewlett-Packard) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version: - Microsoft)Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version: - Microsoft)Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 29-07-2014 11:25:23 Scheduled Checkpoint30-07-2014 11:45:57 Scheduled Checkpoint01-08-2014 21:10:36 Scheduled Checkpoint02-08-2014 16:42:56 Scheduled Checkpoint04-08-2014 04:00:03 Scheduled Checkpoint07-08-2014 22:48:19 Scheduled Checkpoint11-08-2014 02:11:41 Scheduled Checkpoint11-08-2014 15:01:42 Scheduled Checkpoint12-08-2014 10:45:08 Scheduled Checkpoint14-08-2014 02:36:25 Scheduled Checkpoint14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14 17:5914-08-2014 23:31:34 Advanced-System Protector15-08-2014 23:47:04 Removed SofTest16-08-2014 13:18:06 Removed DriverUpdate16-08-2014 13:29:10 Removed HTC Sync.16-08-2014 13:44:46 Removed HTC Sync.16-08-2014 14:02:17 Removed HTC BMP USB Driver.16-08-2014 16:47:50 Advanced-System Protector16-08-2014 21:58:06 Installed AVG 201416-08-2014 22:11:41 Removed SlimCleaner Plus16-08-2014 22:14:50 Removed HTC Driver Installer.17-08-2014 19:56:09 Installed AVG 201417-08-2014 19:59:04 Installed AVG 201417-08-2014 20:03:04 Removed AVG 201417-08-2014 20:04:51 Installed AVG 201117-08-2014 21:08:16 Installed AVG 201417-08-2014 21:16:20 Installed AVG 201417-08-2014 21:24:43 Removed AVG 201417-08-2014 21:26:10 Installed AVG 201119-08-2014 21:04:48 Advanced-System Protector21-08-2014 01:40:12 Advanced-System Protector23-08-2014 20:47:11 Checkpoint by HitmanPro26-08-2014 12:19:57 Removed AVG 201126-08-2014 12:22:43 Removed AVG 2011 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-08-23 14:19 - 2014-08-26 09:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTIONTask: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exeTask: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - \Security Center Update - 754758581 No Task File <==== ATTENTIONTask: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exeTask: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - \Time Trigger Test Task No Task File <==== ATTENTIONTask: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exeTask: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exeTask: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exeTask: {63809C38-FE18-4A88-92FF-44D0365CAFA2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-08-17] (Glarysoft Ltd)Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTIONTask: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exeTask: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - \{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} No Task File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exeTask: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe2012-05-16 21:52 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe2012-05-16 21:52 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll2014-08-17 21:06 - 2014-08-17 21:06 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll2012-05-16 21:52 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe2012-05-16 21:52 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Microsoft 6to4 Adapter #2Description: Microsoft 6to4 AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver ==================== Event log errors: ========================= Application errors:==================Error: (08/26/2014 02:05:12 PM) (Source: Perflib) (EventID: 1010) (User: )Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (08/26/2014 09:27:53 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2014 08:25:49 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8, faulting module iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8, exception code 0x40000015, fault offset 0x0008d1c0,process id 0x17d4, application start time 0xiexplore.exe0. Error: (08/26/2014 08:02:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_2584_29457\CRX_INSTALL\_LOCALES\ES_419\MESSAGES.JSON> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/26/2014 08:02:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/26/2014 08:02:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/26/2014 08:02:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/26/2014 08:02:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/26/2014 08:02:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/26/2014 08:02:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_0> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) System errors:=============Error: (08/26/2014 09:30:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026) Error: (08/26/2014 09:27:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: AVGIDSDriverAVGIDSShim Error: (08/26/2014 09:27:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: AVGIDSAgentAVGIDSDriver%%31 Error: (08/26/2014 08:38:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: C:\Windows\System32\bcmihvsrv.dll Error: (08/26/2014 08:38:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: C:\Windows\System32\bcmihvsrv.dll Error: (08/26/2014 08:38:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: C:\Windows\System32\bcmihvsrv.dll Error: (08/26/2014 08:38:07 AM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: PEVSystemStart Error: (08/26/2014 08:37:53 AM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: PEVSystemStart Error: (08/26/2014 08:31:40 AM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: PEVSystemStart Error: (08/26/2014 08:27:41 AM) (Source: Service Control Manager) (EventID: 7032) (User: )Description: 1Restart the serviceWindows Search%%1056 Microsoft Office Sessions:=========================Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228 seconds with 60 seconds of active time. This session ended with a crash. Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time. This session ended with a crash. Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors:=================================== Date: 2014-08-26 14:19:44.053 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 14:19:43.932 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 14:19:43.818 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 14:19:43.702 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 14:19:43.480 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 14:19:43.364 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 14:19:43.231 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 14:19:43.107 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 14:19:30.293 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 14:19:30.170 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHzPercentage of memory in use: 40%Total physical RAM: 3060.46 MBAvailable physical RAM: 1835.2 MBTotal Pagefile: 6351.2 MBAvailable Pagefile: 5287.46 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1907.12 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:222.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFSDrive f: (CC) (Removable) (Total:1.92 GB) (Free:1.87 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS) ========================================================Disk: 1 (Size: 1.9 GB) (Disk ID: E79A82AA)Partition 1: (Active) - (Size=1.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ GMER GMER 2.1.19357 - http://www.gmer.netRootkit scan 2014-08-26 14:15:47Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500620AS rev.DE12 465.76GBRunning: b0x2w0jw.exe; Driver: C:\Users\SAVAS~1.KYR\AppData\Local\Temp\kxrdrkod.sys ---- Kernel code sections - GMER 2.1 ---- ? C:\ComboFix\catchme.sys The system cannot find the path specified. !? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. ! ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sysAttachedDevice \Driver\tdx \Device\Udp avgtdix.sysAttachedDevice \Driver\tdx \Device\RawIp avgtdix.sysAttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2014-08-26 17:34:02Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextSqmReportTime 2014-08-26 17:34:02 ---- EOF - GMER 2.1 ----
  13. FRST Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 26-08-2014 14:19:28Running from F:\Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE( ) C:\Windows\System32\lxblcoms.exe() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Microsoft Corporation) C:\Windows\ehome\ehtray.exe(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctMTIyNzA3NzAwOS1GSSsxLUZMMTArMS1ERFQrMC1UVUcrMy1MU0QrM (the data entry has 100 more characters). HKLM\...\Policies\Explorer: [useDefaultTile] 0HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnkShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnkShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnkShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)BootExecute: autocheck autochk * BootDefrag.exesasnative32 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usSearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cabDPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 66.18.32.2 66.18.32.3 FireFox:========FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-10]FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 Chrome: =======CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7390560 2011-08-18] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17216 2014-08-14] (Glarysoft Ltd)R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]R3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]U3 kxrdrkod; \??\C:\Users\SAVAS~1.KYR\AppData\Local\Temp\kxrdrkod.sys [X]U3 mbr; \??\C:\Users\SAVAS~1.KYR\AppData\Local\Temp\mbr.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-26 09:34 - 2014-08-26 09:34 - 00025347 _____ () C:\ComboFix.txt2014-08-26 09:30 - 2014-08-26 09:30 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\AVG102014-08-26 09:26 - 2014-08-26 09:26 - 00703392 _____ () C:\Windows\system32\commonpriv.log2014-08-26 09:26 - 2014-08-26 09:26 - 00006552 _____ () C:\Windows\system32\commonpub.log2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpub.log.lock2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpriv.log.lock2014-08-25 16:22 - 2014-08-25 16:21 - 00001052 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt2014-08-23 16:54 - 2014-08-26 14:19 - 00000000 ____D () C:\FRST2014-08-23 16:30 - 2014-08-25 09:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-23 16:30 - 2014-08-25 08:26 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt2014-08-23 11:51 - 2014-08-25 17:03 - 00000000 ____D () C:\AdwCleaner2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK2014-08-22 16:12 - 2014-08-26 09:26 - 00044440 _____ () C:\Windows\PFRO.log2014-08-22 15:52 - 2014-08-26 09:34 - 00000000 ____D () C:\Qoobox2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development2014-08-22 13:25 - 2014-08-25 13:39 - 00001564 _____ () C:\Windows\setupact.log2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe2014-08-16 17:57 - 2014-08-17 17:23 - 00000000 ____D () C:\ProgramData\AVG20142014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg20142014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled2014-08-14 18:20 - 2014-08-26 09:29 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job2014-08-14 18:20 - 2014-08-20 23:44 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk2014-08-14 18:20 - 2014-08-20 23:44 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 52014-08-14 18:19 - 2014-08-25 16:32 - 00000000 ____D () C:\Program Files\Glary Utilities 52014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft2014-08-14 18:19 - 2014-08-04 03:06 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe2014-08-14 18:19 - 2014-07-18 03:11 - 00016064 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-26 14:19 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST2014-08-26 14:18 - 2011-07-10 19:21 - 00000000 ____D () C:\ProgramData\MFAData2014-08-26 14:04 - 2014-07-18 00:39 - 01701450 _____ () C:\Windows\WindowsUpdate.log2014-08-26 13:26 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-08-26 13:26 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-08-26 09:34 - 2014-08-26 09:34 - 00025347 _____ () C:\ComboFix.txt2014-08-26 09:34 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox2014-08-26 09:32 - 2006-11-02 06:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-26 09:30 - 2014-08-26 09:30 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\AVG102014-08-26 09:30 - 2011-12-22 18:52 - 00001356 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat2014-08-26 09:29 - 2014-08-14 18:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job2014-08-26 09:29 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini2014-08-26 09:28 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job2014-08-26 09:26 - 2014-08-26 09:26 - 00703392 _____ () C:\Windows\system32\commonpriv.log2014-08-26 09:26 - 2014-08-26 09:26 - 00006552 _____ () C:\Windows\system32\commonpub.log2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpub.log.lock2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpriv.log.lock2014-08-26 09:26 - 2014-08-22 16:12 - 00044440 _____ () C:\Windows\PFRO.log2014-08-26 09:26 - 2011-07-10 19:26 - 00000000 ____D () C:\ProgramData\AVG102014-08-26 09:26 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG2014-08-26 09:26 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-26 08:38 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-08-26 08:38 - 2006-11-02 06:22 - 43515904 _____ () C:\Windows\system32\config\software.bak2014-08-26 08:38 - 2006-11-02 06:22 - 35389440 _____ () C:\Windows\system32\config\COMPON~3.bak2014-08-26 08:38 - 2006-11-02 06:22 - 21757952 _____ () C:\Windows\system32\config\system.bak2014-08-26 08:38 - 2006-11-02 06:22 - 01048576 _____ () C:\Windows\system32\config\default.bak2014-08-26 08:38 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security.bak2014-08-26 08:38 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak2014-08-26 08:37 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT2014-08-26 08:25 - 2011-02-13 09:42 - 00001945 _____ () C:\Windows\epplauncher.mif2014-08-26 08:23 - 2006-11-02 07:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2014-08-25 17:03 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner2014-08-25 16:32 - 2014-08-14 18:19 - 00000000 ____D () C:\Program Files\Glary Utilities 52014-08-25 16:21 - 2014-08-25 16:22 - 00001052 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt2014-08-25 13:39 - 2014-08-22 13:25 - 00001564 _____ () C:\Windows\setupact.log2014-08-25 09:54 - 2011-03-06 00:06 - 00047104 _____ () C:\Users\savas.kyriakidis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-08-25 09:35 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-25 09:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system2014-08-25 08:26 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas2014-08-23 14:32 - 2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google2014-08-20 23:44 - 2014-08-14 18:20 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk2014-08-20 23:44 - 2014-08-14 18:20 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys2014-08-17 17:23 - 2014-08-16 17:57 - 00000000 ____D () C:\ProgramData\AVG20142014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg20142014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 52014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch2014-08-12 17:13 - 2011-08-28 07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL Folders2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff2014-08-04 03:06 - 2014-08-14 18:19 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-26 09:39 ==================== End Of Log ============================
  14. Yes. I have no illusions that having an AV solution from 2011 will be effective in 2014, which is why I do not run AVG 2011 on my personal system. Also, I am fully aware of the issue of competing AV solutions, which is why I run a solitary program on my personal system. I will, however, pass along your recommendations to the owner of this infected PC. Here is the requested Combofix log. The automatically-generated Chrome windows appear to have stopped. ComboFix 14-08-24.01 - savas.kyriakidis 08/26/2014 8:27.6.2 - x86Running from: F:\ComboFix.exeCommand switches used :: F:\CFScript.txt.FILE ::"c:\users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll""c:\windows\system32\jsllnzn.dll""c:\windows\System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5}""c:\windows\System32\Tasks\Security Center Update - 754758581""c:\windows\System32\Tasks\Time Trigger Test Task"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\IrfuqApivhc:\users\savas.kyriakidis\AppData\Local\42a495c:\users\savas.kyriakidis\AppData\Local\browser_dirc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\36.0.1985.125.manifestc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\chrome.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\chrome_100_percent.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\chrome_200_percent.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\chrome_child.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\chrome_elf.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\d3dcompiler_43.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\d3dcompiler_46.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\docs.crxc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\drive.crxc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\external_extensions.jsonc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\gmail.crxc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\search.crxc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\youtube.crxc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\delegate_execute.exec:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Extensions\external_extensions.jsonc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\ffmpegsumo.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\icudtl.datc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\libegl.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\libexif.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\libglesv2.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\libpeerconnection.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\am.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ar.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\bg.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\bn.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ca.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\cs.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\da.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\de.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\el.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\en-GB.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\en-US.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\es-419.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\es.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\et.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\fa.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\fi.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\fil.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\fr.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\gu.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\he.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\hi.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\hr.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\hu.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\id.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\it.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ja.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\kn.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ko.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\lt.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\lv.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ml.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\mr.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ms.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\nb.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\nl.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\pl.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\pt-BR.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\pt-PT.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ro.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ru.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\sk.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\sl.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\sr.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\sv.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\sw.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ta.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\te.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\th.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\tr.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\uk.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\vi.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\zh-CN.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\zh-TW.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\metro_driver.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\mksnapshot.ia32.exe.assert.manifestc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\nacl_irt_x86_32.nexec:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\nacl_irt_x86_64.nexec:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\nacl64.exec:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\pdf.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\PepperFlash\manifest.jsonc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\PepperFlash\pepflashplayer.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\ppgooglenaclpluginchrome.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\resources.pakc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\secondarytile.pngc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\VisualElements\logo.pngc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\VisualElements\smalllogo.pngc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\VisualElements\splash-620x300.pngc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\widevinecdmadapter.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\xinput1_3.dllc:\users\savas.kyriakidis\AppData\Local\browser_dir\browser.exec:\users\savas.kyriakidis\AppData\Local\browser_dir\debug.logc:\users\savas.kyriakidis\AppData\Local\browser_dir\Dictionaries\en-US-3-0.bdicc:\users\savas.kyriakidis\AppData\Local\browser_dir\wow_helper.exec:\users\savas.kyriakidis\AppData\Local\UINoteworthyc:\users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobilec:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ec1ac8a1c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\JawaVinyl.pacc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ToolHumble\manifest.jsonc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ToolHumble\NoteworthyModulator.jsc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\36.0.1985.143.manifestc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\chrome.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\chrome_100_percent.pakc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\chrome_200_percent.pakc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\chrome_child.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\chrome_elf.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\d3dcompiler_43.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\d3dcompiler_46.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\docs.crxc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\drive.crxc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\external_extensions.jsonc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\gmail.crxc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\search.crxc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\youtube.crxc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\delegate_execute.exec:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\Extensions\external_extensions.jsonc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ffmpegsumo.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\icudtl.datc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\libegl.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\libexif.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\libglesv2.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\libpeerconnection.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\Locales\en-GB.pakc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\Locales\en-US.pakc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\metro_driver.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\mksnapshot.ia32.exe.assert.manifestc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\nacl_irt_x86_32.nexec:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\nacl_irt_x86_64.nexec:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\nacl64.exec:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\pdf.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\PepperFlash\manifest.jsonc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\PepperFlash\pepflashplayer.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ppgooglenaclpluginchrome.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\resources.pakc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\secondarytile.pngc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\VisualElements\logo.pngc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\VisualElements\smalllogo.pngc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\VisualElements\splash-620x300.pngc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\widevinecdmadapter.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\xinput1_3.dllc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exec:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\debug.logc:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\VisualElementsManifest.xmlc:\users\savas.kyriakidis\AppData\Roaming\42a495c:\users\savas.kyriakidis\AppData\Roaming\Puorfuc:\windows\System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5}c:\windows\System32\Tasks\Security Center Update - 754758581c:\windows\System32\Tasks\Time Trigger Test Task..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_AVG Security Toolbar Service-------\Service_vToolbarUpdater..((((((((((((((((((((((((( Files Created from 2014-07-26 to 2014-08-26 )))))))))))))))))))))))))))))))..2014-08-26 12:37 . 2014-08-26 13:29 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\temp2014-08-26 12:37 . 2014-08-26 12:37 -------- d-----w- c:\users\Rita\AppData\Local\temp2014-08-26 12:37 . 2014-08-26 12:37 -------- d-----w- c:\users\Guest\AppData\Local\temp2014-08-26 12:37 . 2014-08-26 12:37 -------- d-----w- c:\users\Default\AppData\Local\temp2014-08-23 20:54 . 2014-08-25 17:46 -------- d-----w- C:\FRST2014-08-23 20:30 . 2014-08-25 13:35 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-08-23 20:30 . 2014-08-25 12:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware2014-08-23 20:30 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys2014-08-23 20:30 . 2014-05-12 11:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-08-23 20:30 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys2014-08-23 15:51 . 2014-08-25 21:03 -------- d-----w- C:\AdwCleaner2014-08-23 15:42 . 2014-08-23 15:42 -------- d-----w- c:\windows\ERUNT2014-08-22 21:06 . 2013-09-04 18:57 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys2014-08-22 21:06 . 2013-05-23 12:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys2014-08-22 21:05 . 2014-08-23 01:40 -------- d-----w- C:\VIPRERESCUE2014-08-22 21:05 . 2014-08-22 21:05 -------- d-----w- C:\EEK2014-08-22 18:00 . 2014-08-23 20:48 -------- d-----w- c:\programdata\HitmanPro2014-08-22 17:41 . 2014-08-22 17:41 -------- d-----w- c:\programdata\DameWare Development2014-08-22 17:41 . 2014-08-22 17:54 -------- d-----w- c:\windows\dwrcs2014-08-20 23:17 . 2014-08-20 23:17 319456 ----a-w- c:\windows\DIFxAPI.dll2014-08-20 22:12 . 2014-08-19 22:12 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys2014-08-20 03:07 . 2014-08-20 03:07 -------- d-----w- c:\programdata\GlarySoft2014-08-16 21:57 . 2014-08-17 21:23 -------- d-----w- c:\programdata\AVG20142014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\MFAData2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Avg20142014-08-16 16:05 . 2014-08-16 16:05 -------- d-----w- c:\programdata\SlimWare Utilities Inc2014-08-16 16:04 . 2014-08-16 16:04 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Downloaded Installers2014-08-16 00:57 . 2014-08-16 16:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc2014-08-16 00:56 . 2014-08-16 13:22 -------- d-----w- c:\program files\DriverUpdate2014-08-15 17:04 . 2014-08-15 17:21 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\TeamViewer2014-08-14 22:20 . 2014-08-14 22:20 17216 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys2014-08-14 22:19 . 2014-08-04 07:06 101664 ----a-w- c:\windows\system32\BootDefrag.exe2014-08-14 22:19 . 2014-07-18 07:11 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys2014-08-14 22:19 . 2014-08-23 15:16 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\DiskDefrag2014-08-14 22:19 . 2014-08-14 22:19 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\GlarySoft2014-08-14 22:19 . 2014-08-25 20:32 -------- d-----w- c:\program files\Glary Utilities 52014-08-14 01:28 . 2014-08-14 01:28 -------- d-----w- c:\program files\iPod2014-08-14 01:28 . 2014-08-14 01:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-14 00:53 . 2014-08-14 00:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll2014-08-14 00:51 . 2014-08-14 00:52 -------- d-----w- c:\program files\QuickTime2014-08-13 01:20 . 2014-08-13 01:20 -------- d-----w- c:\programdata\WindowsSearch2014-08-12 20:33 . 2014-08-12 20:37 20480 ----a-w- c:\program files\Internet Explorer\version1.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-06-17 20:17 . 2014-06-17 20:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]"Akamai NetSession Interface"="c:\users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-10-02 59720]"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2014-08-18 37152].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2012-11-02 379752].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctMTIyNzA3NzAwOS1GSSsxLUZMMTArMS1ERFQrMC1UVUcrMy1MU0QrMi1TVDEwQVBQKzEtREQxMCsxLVNUMTBGQVBQKzEtRjEwVEIrMi1TVDEwVEJGKzEtQ0lBUzEwKzI∏=55&ver=10.0.1416" [?] .[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"HideFastUserSwitching"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"UseDefaultTile"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe\0sasnative32.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvcLocalServiceAndNoImpersonation REG_MULTI_SZ FontCache.Contents of the 'Scheduled Tasks' folder.2014-08-26 c:\windows\Tasks\GlaryInitialize 5.job- c:\program files\Glary Utilities 5\Initialize.exe [2014-08-18 01:05].2014-08-26 c:\windows\Tasks\RtlNICDiagVistaStart.job- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-06 11:44]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uInternet Settings,ProxyOverride = *.local;<local>TCP: DhcpNameServer = 192.168.2.1 66.18.32.2 66.18.32.3..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2014-08-26 09:29Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.------------------------ Other Running Processes ------------------------.c:\program files\Dell\DellDock\DockLogin.exec:\windows\system32\WLANExt.exec:\program files\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\AVG\AVG10\avgfws.exec:\program files\AVG\AVG10\avgwdsvc.exec:\program files\Bonjour\mDNSResponder.exec:\windows\dwrcs\DWRCS.EXEc:\windows\system32\lxblcoms.exec:\windows\system32\msiexec.exec:\program files\HTC\Internet Pass-Through\PassThruSvr.exec:\program files\Sony\PMB\PMBDeviceInfoProvider.exec:\program files\NETGEAR\WNA1100\WifiSvc.exec:\windows\system32\WUDFHost.exec:\program files\AVG\AVG10\avgnsx.exec:\program files\Dell\DellDock\DellDock.exec:\program files\Glary Utilities 5\Integrator.exec:\windows\RtHDVCpl.exec:\program files\ActivIdentity\ActivClient\acsagent.exec:\program files\HP\Digital Imaging\bin\hpqtra08.exec:\program files\NETGEAR\WNA1100\WNA1100.exec:\program files\Microsoft Office\Office12\ONENOTEM.EXEc:\windows\ehome\ehmsas.exec:\program files\iPod\bin\iPodService.exec:\program files\Windows Media Player\wmpnetwk.exec:\program files\HP\Digital Imaging\bin\hpqSTE08.exec:\program files\HP\Digital Imaging\bin\hpqbam08.exec:\program files\HP\Digital Imaging\bin\hpqgpc01.exec:\program files\Common Files\Apple\Internet Services\APSDaemon.exe.**************************************************************************.Completion time: 2014-08-26 09:34:08 - machine was rebootedComboFix-quarantined-files.txt 2014-08-26 13:34ComboFix2.txt 2014-08-25 18:24ComboFix3.txt 2014-08-25 15:10ComboFix4.txt 2014-08-24 19:45ComboFix5.txt 2014-08-26 12:26.Pre-Run: 238,265,204,736 bytes freePost-Run: 238,311,092,224 bytes free.- - End Of File - - 51838510CD7675792343D8F764ACFBD55C616939100B85E558DA92B899A0FC36
  15. JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.4 (04.06.2014:1)OS: Windows Vista Home Premium x86Ran by savas.kyriakidis on Mon 08/25/2014 at 16:18:32.89~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B? Value Name Type Value Data ======================================================================================== UINoteworthy REG_SZ C:\Windows\system32\rundll32.exe "C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll",DllRegisterServer ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 08/25/2014 at 16:21:59.88End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner # AdwCleaner v3.308 - Report created 25/08/2014 at 17:03:28# Updated 20/08/2014 by Xplode# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)# Username : savas.kyriakidis - SAVASKYRIAKI-PC# Running from : F:\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16421 -\\ Google Chrome v [ File : C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [8912 octets] - [23/08/2014 11:51:26]AdwCleaner[R1].txt - [984 octets] - [25/08/2014 16:34:51]AdwCleaner[s0].txt - [8774 octets] - [23/08/2014 11:53:04]AdwCleaner[s1].txt - [832 octets] - [25/08/2014 17:03:28] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [891 octets] ##########
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.