mof

  1. Naathim, thanks a lot for that. My system is now clean, and it's also been an education!! I seriously hope I won't have to bother you again. I'll get reading those links. All the best.
  2. Nice tool. Log report:

     # DelFix v10.8 - Logfile created 26/08/2014 at 19:44:27
     # Updated 29/07/2014 by Xplode
     # Username : Windows7 - WINDOWS7-PC0451
     # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

     ~ Removing disinfection tools ...

     Deleted : C:\FRST
     Deleted : C:\AdwCleaner
     Deleted : C:\Users\Windows7\Desktop\aswMBR.txt
     Deleted : C:\Users\Windows7\Desktop\Fixlog.txt
     Deleted : C:\Users\Windows7\Desktop\FRST.exe
     Deleted : C:\Users\Windows7\Desktop\JRT.txt
     Deleted : C:\Users\Windows7\Desktop\MBR.dat
     Deleted : C:\Users\Windows7\Downloads\Addition.txt
     Deleted : C:\Users\Windows7\Downloads\AdwCleaner.exe
     Deleted : C:\Users\Windows7\Downloads\aswMBR.exe
     Deleted : C:\Users\Windows7\Downloads\esetsmartinstaller_enu(1).exe
     Deleted : C:\Users\Windows7\Downloads\esetsmartinstaller_enu.exe
     Deleted : C:\Users\Windows7\Downloads\FRST.txt
     Deleted : C:\Users\Windows7\Downloads\JRT.exe
     Deleted : C:\Users\Windows7\Downloads\JavaRa-2.0.zip
     Deleted : C:\Users\Windows7\Downloads\SecurityCheck.exe
     Deleted : HKLM\SOFTWARE\AdwCleaner
     Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
     Deleted : HKLM\SYSTEM\CurrentControlSet\Services\aswMBR

     ~ Cleaning system restore ...

     New restore point created !

     ~ Resetting system settings ...

     OK

     ########## - EOF - ##########
  3. Log result.

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-08-2014 03
     Ran by Windows7 at 2014-08-26 19:23:33 Run:2
     Running from C:\Users\Windows7\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     start
     C:\Windows\AutoKMS\AutoKMS.exe
     end
     *****************

     C:\Windows\AutoKMS\AutoKMS.exe => Moved successfully.

     ==== End of Fixlog ====
  4. Hello again Naathim, I did a threat scan of Malware Bytes and NO threats shown. Unfortunately I'm too dumb to know how to reduce the size of the scan results page - to click the export button - to give you a copy of the log (my screen is too small and I cannot drag the window to a smaller size). But zero detections so all clean on there by the looks of it!!! The ESET scan (below) has just finished, and to me looks all clean as well. I can delete that one "threat" if needed, but I think that's not any adware. I got a lot of extra stuff already on this machine when I bought this laptop and deleted the program Web Cam Surveyor as my AV picked it up and I wasn't entirely sure that it could possibly be used for spyware. I'm surprised this adware got through my Comodo CIS and Toolwiz Time Freeze as I thought, or rather assumed, I'd be near bullet proof with both. I think it might have got on my machine before I installed Toolwiz though, and possibly been installed when my girlfriend downloaded an online game as I vaguely remember Oberon media. Could have been me with Java though. So the nasties have been removed? Sorry to have bothered you.

     ESET scan log:

     ESETSmartInstaller@High as downloader log:
     all ok
     # product=EOS
     # version=8
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.7623
     # api_version=3.0.2
     # EOSSerial=6534992cc53cc64686a757c7cbf1ee58
     # engine=19844
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2014-08-26 10:37:30
     # local_time=2014-08-26 05:37:30 (+0700, SE Asia Standard Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode_1='COMODO Antivirus'
     # compatibility_mode=3074 16777213 100 84 0 55520872 0 0
     # compatibility_mode_1=''
     # compatibility_mode=5893 16776574 100 94 35508348 160680641 0 0
     # scanned=120460
     # found=1
     # cleaned=0
     # scan_time=8506
     sh=13EE8C9FCE6F74512DCD188CCA0655C5EDE37612 ft=1 fh=756c61b76c471ca8 vn="MSIL/HackKMS.A potentially unsafe application" ac=I fn="C:\Windows\AutoKMS\AutoKMS.exe"
  5. The copy & paste of aswMBR. Cheers.

     aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
     Run date: 2014-08-26 11:25:13
     -----------------------------
     11:25:13.830 OS Version: Windows 6.1.7601 Service Pack 1
     11:25:13.830 Number of processors: 4 586 0x3601
     11:25:13.830 ComputerName: WINDOWS7-PC0451 UserName: Windows7
     11:26:18.665 Initialize success
     11:26:18.696 VM: initialized successfully
     11:26:18.727 VM: Intel CPU virtualization not supported
     11:26:18.837 write error "aswEngin.dll". The process cannot access the file because it is being used by another process.
     11:28:05.443 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
     11:28:05.458 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
     11:28:05.864 Disk 0 MBR read successfully
     11:28:05.880 Disk 0 MBR scan
     11:28:05.895 Disk 0 Windows 7 default MBR code
     11:28:05.911 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
     11:28:05.926 Disk 0 Boot: NTFS code=2
     11:28:05.942 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102400 MB offset 206848
     11:28:05.973 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 202743 MB offset 209922048
     11:28:05.989 Disk 0 scanning sectors +625139712
     11:28:06.129 Disk 0 scanning C:\Windows\system32\drivers
     11:28:15.895 Service scanning
     11:28:38.203 Modules scanning
     11:28:47.563 Disk 0 trace - called modules:
     11:28:47.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
     11:28:47.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862c1030]
     11:28:47.766 3 CLASSPNP.SYS[8878159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b37028]
     11:28:47.797 Scan finished successfully
     11:30:56.903 Disk 0 MBR has been saved successfully to "C:\Users\Windows7\Desktop\MBR.dat"
     11:30:56.934 The log file has been saved successfully to "C:\Users\Windows7\Desktop\aswMBR.txt"
  6. PS, I'll update Java. I have the Java plugin disabled in Firefox, which is the browser I use most of the time. I also always use Toolwiz Time Freeze whenever I use Java. Tnx
  7. Here is the log file from Security Check below. Should I also double click on the saved aswMBR log file and copy and paste as well? Tnx

     Results of screen317's Security Check version 0.99.87
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     COMODO Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     CCleaner
     Java 7 Update 55
     Java version out of Date!
     Adobe Flash Player 14.0.0.145
     Adobe Reader XI
     Mozilla Firefox (31.0)
     Google Chrome 36.0.1985.125
     Google Chrome 36.0.1985.143
     ````````Process Check: objlist.exe by Laurent````````
     Comodo Firewall cmdagent.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````
  8. Good morning Naathim !!! I did the FRST instructions and here is a copy of the logfix (will now do the other scan) ;
  9. Thank you sir! I appreciate all your help, it's just to a dummy like me that code looks a bit scary. As an example of that, I don't fully understand what I need to do for this bit: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work! Also, I've closed the FRST software. Should I open it again and run the scan and then "Fix it"? Sorry about the dumb questions.
  10. I've never used Office and doubt I ever will, but recently bought this laptop new in SE Asia so will removing those files alter my core system for the time being or just additional add on programs like Office? Thanks
  11. Naathim, with the FRST tool will it delete all those items in notepad including these:

      Hosts:
      Task: C:\Windows\Tasks\AutoKMS.job => ?
      AlternateDataStreams: C:\ProgramData\TEMP:5547042D
      AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
      AlternateDataStreams: C:\ProgramData\TEMP:ADE16379
      AlternateDataStreams: C:\ProgramData\TEMP:B881EAB4
      EmptyTemp:
      end
  12. No real user issues......as far as I know. I'm mostly concerned about my passwords and sensitive info on a couple of sites. Is it a serious infection or mild, or has it now been removed? Thanks for this.
  13. sfi.dat file might be related to my Comodo AV?? http://forums.mydigitallife.info/threads/17361-Beware-system-restore-issue-with-comodo-antivirus
  14. Here's the URL. thnx. https://www.virustotal.com/en/file/0b1159d6a9f41e3d85d2b9f36c8186106446a43bba7c26c4063748baf0029f04/analysis/1408966432/
  15. FRST scan with Addition scan below it. Thanks.
AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275} FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) 
Hidden Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated) Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated) Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.) CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform) Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO) COMODO Internet Security (HKLM\...\{0E9AFD45-C3BA-41D1-B54B-495A22CB3409}) (Version: 6.0.64131.2674 - COMODO Security Solutions Inc.) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft) GeekBuddy (HKLM\...\{E21161DD-05A2-42ED-A0EC-9C1393F51A64}) (Version: 4.2.39 - Comodo Security Solutions Inc) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) 
IncredibleCharts Pro (HKLM\...\{134959C1-E63F-11D5-87EF-444553540000}_is1) (Version: - Vizhon Corporation) Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1075 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden K-Lite Codec Pack 8.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.1.0 - ) Launch Manager (HKLM\...\LManager) (Version: 5.1.7 - Acer Inc.) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 
(HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6374 - Realtek Semiconductor Corp.) Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.) 
System Requirements Lab for Intel (HKLM\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC) Toolwiz TimeFreeze (HKLM\...\Toolwiz TimeFreeze) (Version: 1.9.5.0 - Toolwiz TimeFreeze Installer) Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{7F902AD4-FC6A-4B2F-8B8D-B6DD4E329B76}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAB~1.DLL No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 09:04 - 2009-06-11 04:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {00DC7E16-89B5-4245-9B3C-6C8BFD9704F0} - System32\Tasks\{FD68C697-2D0B-4B1B-B90C-57A604C43B3B} => C:\Program Files\IncredibleCharts\IncredibleCharts.exe [2013-02-12] (Vizhon Corporation) Task: {0387B9D1-4E60-4643-91BE-005386E45D04} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO) Task: {095DE48F-38F7-434B-8BFB-AECF9580BB5A} - System32\Tasks\{BDDCD7BA-A5CE-4631-9CF1-5ABAAFE1EF0A} => Chrome.exe Task: {0976758C-BA74-4A39-8C94-43BDF43F78C9} - System32\Tasks\{196824D3-2774-489E-9CDA-A8776FED4F57} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe Task: {377BF363-EDEF-4F60-A1E5-418668CB39AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000UA => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.) Task: {3AED34C0-BAA0-4756-B52F-1FDD8922BBEF} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO) Task: {3D162033-352F-4F51-9629-946D9F6F2278} - System32\Tasks\{02564FEB-EF2F-4A1F-AC7B-1BE691A9D7BC} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe Task: {48EAD3B8-50FA-495E-9686-486CBD891161} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1019755614-1115449502-2846687370-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {582D04C5-CDE0-4F59-B70B-4A30EF176035} - System32\Tasks\{7C8D1434-9E9D-49D5-A17B-8AB9CB2FAF24} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe Task: {7B8B5B16-772B-4B01-9C03-D8442BC2C828} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000Core => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.) 
Task: {7D5F454B-F1AA-41F4-850E-4F226CC03EC2} - System32\Tasks\{AAAF41DC-AB2B-4569-9118-08E94B73BD40} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe Task: {898EB11A-A09D-4F46-8C8F-C3DF97A7B81C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-19] (Adobe Systems Incorporated) Task: {95E4C016-0E35-450C-BBD2-0C7C32AE7AFF} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO) Task: {9C0AF01A-7B65-44C0-9563-E45B5E5128CF} - System32\Tasks\{30069AE9-1E89-4A1F-93DA-0CE78FCB7233} => C:\Program Files\Comodo\COMODO Internet Security\virtkiosk.exe [2014-03-26] (COMODO) Task: {A8AADD31-41C7-47DA-B30A-1007826EBC64} - System32\Tasks\{0EA6EEA9-4464-4AB3-B4CD-4FAF9CC119E2} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe Task: {B9BA3E9C-5954-46D8-A373-ED58D6E7BE8D} - System32\Tasks\{9F56BFF6-D0F1-459D-9779-C5058C852F94} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe Task: {C09229A0-CFB6-4001-895B-421E86799355} - System32\Tasks\{83A23A5C-F9E5-41AF-A2C0-DCFA00FD1AC7} => Chrome.exe Task: {C5A8F035-1000-4879-8221-BA38667C7017} - System32\Tasks\{70EAC6C4-59D4-4F6D-8F4E-1DF4189D7A93} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-26] (COMODO) Task: {E74166DF-5B13-4C42-9E25-892765ED0361} - System32\Tasks\{F61B268C-4825-4742-A897-480626F3DE01} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe Task: {F70655EE-809E-457E-B3C0-48E7434BFCCF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1019755614-1115449502-2846687370-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {F73A1D73-80E4-4F3D-99AD-489C12A21289} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO) (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMS.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000Core.job => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000UA.job => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-05-21 17:22 - 2014-05-21 17:22 - 02135232 _____ () C:\Program Files\Comodo\Dragon\dragon_updater.exe 2012-12-14 20:46 - 2013-04-16 00:39 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2012-04-15 14:53 - 2014-08-03 12:04 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-08-17 21:34 - 2014-08-17 21:34 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\97d6b17ed342f72bdf559a51f37ca929\IsdiInterop.ni.dll 2012-03-13 08:25 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5547042D AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0 AlternateDataStreams: C:\ProgramData\TEMP:ADE16379 AlternateDataStreams: C:\ProgramData\TEMP:B881EAB4 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: GfxServiceInstall => C:\Windows\system32\GfxCUIServiceInstall.vbs
MSCONFIG\startupreg: Google Update => "C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PrivDogService => "C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\trustedadssvc.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Toolwiz TimeFreeze => "C:\Program Files\Toolwiz TimeFreeze\ToolwizTimeFreezeGUI.exe" -autorun

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 05:40:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 24.8.2014.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 5e4
Start Time: 01cfc050b6a7297a
Termination Time: 15
Application Path: C:\Users\Windows7\Downloads\FRST.exe
Report Id: 2c6a20d0-2c44-11e4-9c81-047d7b506afe

System errors:
=============
Error: (08/25/2014 05:34:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
SBRE

Microsoft Office Sessions:
=========================
Error: (08/25/2014 05:40:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe24.8.2014.35e401cfc050b6a7297a15C:\Users\Windows7\Downloads\FRST.exe2c6a20d0-2c44-11e4-9c81-047d7b506afe

CodeIntegrity Errors:
===================================
Date: 2013-05-10 11:51:26.256
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard32.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Processor: Intel® Atom CPU N2800 @ 1.86GHz
Percentage of memory in use: 51%
Total physical RAM: 2036.3 MB
Available physical RAM: 983.45 MB
Total Pagefile: 6108.9 MB
Available Pagefile: 4892.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:66.05 GB) NTFS
Drive d: () (Fixed) (Total:197.99 GB) (Free:195.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 92128D69)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198 GB) - (Type=07 NTFS)

==================== End Of Log ============================