FRST scan with Addition scan below it. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 03
Ran by Windows7 (administrator) on WINDOWS7-PC0451 on 25-08-2014 17:41:03
Running from C:\Users\Windows7\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Comodo Security Solutions Inc.) C:\Program Files\Common Files\Comodo\launcher_service.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-26] (COMODO)
HKLM\...\Run: [tvncontrol] => "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave
HKLM\...\Run: [GfxServiceInstall] => C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2011-12-13] ()
HKU\S-1-5-21-1019755614-1115449502-2846687370-1000\...\Run: [Google Update] => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-26] (Google Inc.)
HKU\S-1-5-21-1019755614-1115449502-2846687370-1000\...\MountPoints2: {254a8ba5-6d27-11e1-88a1-806e6f6e6963} - E:\DistinguishOS.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3ACF29619115CD01
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 172.16.251.77
Tcpip\..\Interfaces\{069CFF82-4582-4A00-8B4B-8B1A96EEC289}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{20E49E18-726A-45BB-ADC3-0B0F9817C16A}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\myvh82o2.default-1354460765415
FF Homepage: https://encrypted.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: PrivDog - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\myvh82o2.default-1354460765415\Extensions\PrivDog@AdTrustMedia.com [2014-06-20]

Chrome:
=======
CHR HomePage: https://encrypted.google.com/
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Google Wallet) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-29]
CHR StartMenuInternet: Google Chrome - C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 CLPSLauncher; C:\Program Files\Common Files\Comodo\launcher_service.exe [70352 2012-11-01] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-17] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-26] (COMODO)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-03-14] (Macrovision Europe Ltd.) [File not signed]
S4 GeekBuddyRSP; C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe [1467088 2012-10-31] (Comodo Security Solutions, Inc.)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BTOWSFF; C:\Windows\system32\Drivers\BTOWSFF.sys [26432 2012-12-18] (Toolwiz.com)
R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [49856 2012-12-18] (Toolwiz.com)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2012-12-04] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-17] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-17] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-17] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-17] (COMODO)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-25 17:19 - 2014-08-25 17:19 - 00001641 _____ () C:\Users\Windows7\Desktop\JRT.txt
2014-08-25 16:50 - 2014-08-25 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-08-25 16:48 - 2014-08-25 16:48 - 01016261 _____ (Thisisu) C:\Users\Windows7\Downloads\JRT.exe
2014-08-25 15:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-25 15:34 - 2014-08-25 16:11 - 00000000 ____D () C:\AdwCleaner
2014-08-25 15:30 - 2014-08-25 15:31 - 01364531 _____ () C:\Users\Windows7\Downloads\AdwCleaner.exe
2014-08-25 14:54 - 2014-08-25 15:04 - 00033702 _____ () C:\Users\Windows7\Downloads\Addition.txt
2014-08-25 14:52 - 2014-08-25 17:41 - 00009242 _____ () C:\Users\Windows7\Downloads\FRST.txt
2014-08-25 14:50 - 2014-08-25 17:41 - 00000000 ____D () C:\FRST
2014-08-25 14:48 - 2014-08-25 14:48 - 01095168 _____ (Farbar) C:\Users\Windows7\Downloads\FRST.exe
2014-08-25 12:10 - 2014-05-14 23:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 12:10 - 2014-05-14 23:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 12:10 - 2014-05-14 23:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 12:10 - 2014-05-14 23:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 12:09 - 2014-05-14 23:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-25 12:09 - 2014-05-14 23:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-25 12:09 - 2014-05-14 23:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-25 12:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 12:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-24 15:32 - 2014-08-25 13:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 15:32 - 2014-08-24 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 15:31 - 2014-08-24 15:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 15:31 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 15:31 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 20:05 - 2014-07-01 05:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 20:05 - 2014-03-10 04:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 20:04 - 2014-06-06 13:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 20:04 - 2014-03-10 04:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 20:20 - 2014-07-14 08:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 20:20 - 2014-06-16 08:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 20:20 - 2014-06-16 08:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-13 20:20 - 2014-06-16 08:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 20:19 - 2014-08-01 06:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 20:19 - 2014-07-25 20:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 20:19 - 2014-07-25 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 20:19 - 2014-07-25 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 20:19 - 2014-07-25 19:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 20:19 - 2014-07-25 19:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 20:19 - 2014-07-25 19:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 20:19 - 2014-07-25 19:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 20:19 - 2014-07-25 19:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 20:19 - 2014-07-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 20:19 - 2014-07-25 19:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 20:19 - 2014-07-25 19:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 20:19 - 2014-07-25 19:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 20:19 - 2014-07-25 19:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 20:19 - 2014-07-25 19:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 20:19 - 2014-07-25 19:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 20:19 - 2014-07-25 18:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 20:19 - 2014-07-25 18:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 20:19 - 2014-07-25 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 20:19 - 2014-07-25 18:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 20:19 - 2014-07-25 18:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 20:19 - 2014-07-25 18:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 20:19 - 2014-07-25 18:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 20:19 - 2014-07-25 18:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 20:19 - 2014-07-25 18:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 20:19 - 2014-07-25 18:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 20:19 - 2014-07-25 18:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 20:19 - 2014-07-25 17:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 20:19 - 2014-07-25 17:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 20:19 - 2014-07-25 17:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 20:16 - 2014-07-16 09:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 20:16 - 2014-07-16 09:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 20:16 - 2014-07-16 08:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 20:16 - 2014-06-03 16:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 20:16 - 2014-06-03 16:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 20:16 - 2014-06-03 16:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 20:16 - 2014-06-03 16:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 20:14 - 2014-07-09 05:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 20:14 - 2014-06-25 08:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-25 17:41 - 2014-08-25 14:52 - 00009242 _____ () C:\Users\Windows7\Downloads\FRST.txt
2014-08-25 17:41 - 2014-08-25 14:50 - 00000000 ____D () C:\FRST
2014-08-25 17:40 - 2009-07-14 11:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 17:40 - 2009-07-14 11:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 17:37 - 2012-04-09 14:56 - 01992579 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 17:34 - 2012-04-26 13:04 - 00121903 _____ () C:\Windows\setupact.log
2014-08-25 17:34 - 2009-07-14 11:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 17:33 - 2012-12-19 21:11 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-08-25 17:26 - 2012-06-26 00:09 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000UA.job
2014-08-25 17:19 - 2014-08-25 17:19 - 00001641 _____ () C:\Users\Windows7\Desktop\JRT.txt
2014-08-25 16:50 - 2014-08-25 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-08-25 16:48 - 2014-08-25 16:48 - 01016261 _____ (Thisisu) C:\Users\Windows7\Downloads\JRT.exe
2014-08-25 16:14 - 2012-04-18 01:35 - 01753408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 16:13 - 2012-06-05 19:12 - 00078440 _____ () C:\Windows\PFRO.log
2014-08-25 16:11 - 2014-08-25 15:34 - 00000000 ____D () C:\AdwCleaner
2014-08-25 15:31 - 2014-08-25 15:30 - 01364531 _____ () C:\Users\Windows7\Downloads\AdwCleaner.exe
2014-08-25 15:04 - 2014-08-25 14:54 - 00033702 _____ () C:\Users\Windows7\Downloads\Addition.txt
2014-08-25 14:48 - 2014-08-25 14:48 - 01095168 _____ (Farbar) C:\Users\Windows7\Downloads\FRST.exe
2014-08-25 13:26 - 2012-06-26 00:09 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000Core.job
2014-08-25 13:12 - 2014-08-24 15:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 16:39 - 2012-12-18 18:31 - 00000000 ___HD () C:\Toolwiz
2014-08-24 15:32 - 2014-08-24 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 15:32 - 2014-08-24 15:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 15:32 - 2012-05-06 23:53 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 15:32 - 2012-05-06 23:53 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Malwarebytes
2014-08-24 15:31 - 2012-05-06 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 15:31 - 2012-05-06 23:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-17 22:35 - 2012-06-26 00:16 - 00002390 _____ () C:\Users\Windows7\Desktop\Google Chrome.lnk
2014-08-17 22:06 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 20:20 - 2012-03-14 07:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 20:18 - 2013-08-23 10:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 20:11 - 2009-10-14 16:57 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-03 12:04 - 2012-03-14 07:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-01 06:16 - 2014-08-13 20:19 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-29 12:26 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-26 21:01 - 2012-11-29 22:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 16:06 - 2012-11-29 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Windows7\AppData\Local\Temp\GUR6F74.exe
C:\Users\Windows7\AppData\Local\Temp\GUR7177.exe
C:\Users\Windows7\AppData\Local\Temp\GUR7290.exe
C:\Users\Windows7\AppData\Local\Temp\install_flashplayer14x32au_mssd_aaa_aih.exe
C:\Users\Windows7\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih.exe
C:\Users\Windows7\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-21 23:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-08-2014 03
Ran by Windows7 at 2014-08-25 17:42:33
Running from C:\Users\Windows7\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
COMODO Internet Security (HKLM\...\{0E9AFD45-C3BA-41D1-B54B-495A22CB3409}) (Version: 6.0.64131.2674 - COMODO Security Solutions Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft)
GeekBuddy (HKLM\...\{E21161DD-05A2-42ED-A0EC-9C1393F51A64}) (Version: 4.2.39 - Comodo Security Solutions Inc)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
IncredibleCharts Pro (HKLM\...\{134959C1-E63F-11D5-87EF-444553540000}_is1) (Version: - Vizhon Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1075 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 8.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
Launch Manager (HKLM\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6374 - Realtek Semiconductor Corp.)
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
System Requirements Lab for Intel (HKLM\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
Toolwiz TimeFreeze (HKLM\...\Toolwiz TimeFreeze) (Version: 1.9.5.0 - Toolwiz TimeFreeze Installer)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{7F902AD4-FC6A-4B2F-8B8D-B6DD4E329B76}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAB~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 09:04 - 2009-06-11 04:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00DC7E16-89B5-4245-9B3C-6C8BFD9704F0} - System32\Tasks\{FD68C697-2D0B-4B1B-B90C-57A604C43B3B} => C:\Program Files\IncredibleCharts\IncredibleCharts.exe [2013-02-12] (Vizhon Corporation)
Task: {0387B9D1-4E60-4643-91BE-005386E45D04} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {095DE48F-38F7-434B-8BFB-AECF9580BB5A} - System32\Tasks\{BDDCD7BA-A5CE-4631-9CF1-5ABAAFE1EF0A} => Chrome.exe
Task: {0976758C-BA74-4A39-8C94-43BDF43F78C9} - System32\Tasks\{196824D3-2774-489E-9CDA-A8776FED4F57} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe
Task: {377BF363-EDEF-4F60-A1E5-418668CB39AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000UA => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {3AED34C0-BAA0-4756-B52F-1FDD8922BBEF} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {3D162033-352F-4F51-9629-946D9F6F2278} - System32\Tasks\{02564FEB-EF2F-4A1F-AC7B-1BE691A9D7BC} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {48EAD3B8-50FA-495E-9686-486CBD891161} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1019755614-1115449502-2846687370-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {582D04C5-CDE0-4F59-B70B-4A30EF176035} - System32\Tasks\{7C8D1434-9E9D-49D5-A17B-8AB9CB2FAF24} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe
Task: {7B8B5B16-772B-4B01-9C03-D8442BC2C828} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000Core => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {7D5F454B-F1AA-41F4-850E-4F226CC03EC2} - System32\Tasks\{AAAF41DC-AB2B-4569-9118-08E94B73BD40} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe
Task: {898EB11A-A09D-4F46-8C8F-C3DF97A7B81C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-19] (Adobe Systems Incorporated)
Task: {95E4C016-0E35-450C-BBD2-0C7C32AE7AFF} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {9C0AF01A-7B65-44C0-9563-E45B5E5128CF} - System32\Tasks\{30069AE9-1E89-4A1F-93DA-0CE78FCB7233} => C:\Program Files\Comodo\COMODO Internet Security\virtkiosk.exe [2014-03-26] (COMODO)
Task: {A8AADD31-41C7-47DA-B30A-1007826EBC64} - System32\Tasks\{0EA6EEA9-4464-4AB3-B4CD-4FAF9CC119E2} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {B9BA3E9C-5954-46D8-A373-ED58D6E7BE8D} - System32\Tasks\{9F56BFF6-D0F1-459D-9779-C5058C852F94} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {C09229A0-CFB6-4001-895B-421E86799355} - System32\Tasks\{83A23A5C-F9E5-41AF-A2C0-DCFA00FD1AC7} => Chrome.exe
Task: {C5A8F035-1000-4879-8221-BA38667C7017} - System32\Tasks\{70EAC6C4-59D4-4F6D-8F4E-1DF4189D7A93} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-26] (COMODO)
Task: {E74166DF-5B13-4C42-9E25-892765ED0361} - System32\Tasks\{F61B268C-4825-4742-A897-480626F3DE01} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {F70655EE-809E-457E-B3C0-48E7434BFCCF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1019755614-1115449502-2846687370-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F73A1D73-80E4-4F3D-99AD-489C12A21289} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved.
The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000Core.job => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000UA.job => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2014-05-21 17:22 - 2014-05-21 17:22 - 02135232 _____ () C:\Program Files\Comodo\Dragon\dragon_updater.exe
2012-12-14 20:46 - 2013-04-16 00:39 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-04-15 14:53 - 2014-08-03 12:04 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-17 21:34 - 2014-08-17 21:34 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\97d6b17ed342f72bdf559a51f37ca929\IsdiInterop.ni.dll
2012-03-13 08:25 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5547042D
AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
AlternateDataStreams: C:\ProgramData\TEMP:ADE16379
AlternateDataStreams: C:\ProgramData\TEMP:B881EAB4

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: GfxServiceInstall => C:\Windows\system32\GfxCUIServiceInstall.vbs
MSCONFIG\startupreg: Google Update => "C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PrivDogService => "C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\trustedadssvc.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Toolwiz TimeFreeze => "C:\Program Files\Toolwiz TimeFreeze\ToolwizTimeFreezeGUI.exe" -autorun

==================== Faulty Device Manager Devices =============
Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly.
The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 05:40:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 24.8.2014.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 5e4
Start Time: 01cfc050b6a7297a
Termination Time: 15
Application Path: C:\Users\Windows7\Downloads\FRST.exe
Report Id: 2c6a20d0-2c44-11e4-9c81-047d7b506afe

System errors:
=============
Error: (08/25/2014 05:34:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom SBRE

Microsoft Office Sessions:
=========================
Error: (08/25/2014 05:40:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe24.8.2014.35e401cfc050b6a7297a15C:\Users\Windows7\Downloads\FRST.exe2c6a20d0-2c44-11e4-9c81-047d7b506afe

CodeIntegrity Errors:
===================================
Date: 2013-05-10 11:51:26.256
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard32.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Atom CPU N2800 @ 1.86GHz
Percentage of memory in use: 51%
Total physical RAM: 2036.3 MB
Available physical RAM: 983.45 MB
Total Pagefile: 6108.9 MB
Available Pagefile: 4892.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.98 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:100 GB) (Free:66.05 GB) NTFS
Drive d: () (Fixed) (Total:197.99 GB) (Free:195.9 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 92128D69)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198 GB) - (Type=07 NTFS)

==================== End Of Log ============================