
BSOD Stop 1E and Stop 0A after install 2.0.1.1004 Win7 x64



I ran the MBAM Clean, rebooted and reinstalled 2.0.1.1004 Pro, but disabled the auto load on Windows so that the app does not automatically start due to the BSOD problem.

 

Here is the FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)

Ran by admin (administrator) on ADMIN-PC on 08-04-2014 17:24:13

Running from C:\Users\admin\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe

(Hewlett-Packard) C:\Windows\system32\Hpservice.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(CrashPlan) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe

(Fork Ltd.) C:\Hawk\platform\windows\cronsvc.exe

() C:\Program Files (x86)\D-Link\DWA-160\ANIWConnService.exe

(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files\Ditto\Ditto.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

(Akamai Technologies, Inc.) C:\Users\admin\AppData\Local\Akamai\netsession_win.exe

(Code 42 Software, Inc.) C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe

(Hyperionics Technology LLC) C:\Program Files\FileBX\FileBX.exe

(Akamai Technologies, Inc.) C:\Users\admin\AppData\Local\Akamai\netsession_win.exe

( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe

(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-160\AirNCFG.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

() C:\Program Files\FileBX\Fbx32helper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

(mIRC Co. Ltd.) C:\Users\admin\Desktop\mirc\mirc.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-15] (Synaptics Incorporated)

HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2013-04-19] (IDT, Inc.)

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4144944 2013-02-14] (ESET)

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358200 2010-12-11] (Acronis)

HKLM-x32\...\Run: [HPCam_Menu] - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [AirPort Base Station Agent] - C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] - C:\Program Files (x86)\D-Link\DWA-160\AirNCFG.exe [1041728 2010-09-08] (D-Link Corp.)

HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5111464 2010-12-11] (Acronis)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION

HKLM Group Policy restriction on software: *‮* <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\admintool.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\uninstall.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\temp\sandboxieinstall.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\installer_no_upload_silent.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\temp\googleupdatesetup.exe985b80a <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\wlandecrypt.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\controlpanel.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\admintool.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\rswinui.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\temp\googleupdatesetup.exe985b80a <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\wlandecrypt.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\netsession_win.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\wlandecrypt.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\installer_no_upload_silent.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\rswinui.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\temp\sandboxieinstall.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\uninstall.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\controlpanel.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\netsession_win.exe <====== ATTENTION

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-208884388-1864371658-2360693057-1000\...\Run: [Ditto] - C:\Program Files\Ditto\Ditto.exe [1717872 2012-11-08] ()

HKU\S-1-5-21-208884388-1864371658-2360693057-1000\...\Run: [sandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)

HKU\S-1-5-21-208884388-1864371658-2360693057-1000\...\Run: [Google Update] - C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-14] (Google Inc.)

HKU\S-1-5-21-208884388-1864371658-2360693057-1000\...\Run: [Akamai NetSession Interface] - C:\Users\admin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)

HKU\S-1-5-21-208884388-1864371658-2360693057-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Ditto] - C:\Program Files\Ditto\Ditto.exe [1717872 2012-11-08] ()

HKU\S-1-5-21-208884388-1864371658-2360693057-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)

HKU\S-1-5-21-208884388-1864371658-2360693057-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] - C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-14] (Google Inc.)

HKU\S-1-5-21-208884388-1864371658-2360693057-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] - C:\Users\admin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {0D5ADB1A-DC96-49C2-8B08-1D8855570667} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {0D5ADB1A-DC96-49C2-8B08-1D8855570667} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl

SearchScopes: HKCU - {0D5ADB1A-DC96-49C2-8B08-1D8855570667} URL = 

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)

BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)

BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)

Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\admin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\admin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\admin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Flash Video Downloader - Full HD Download - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\artur.dubovoy@gmail.com [2014-03-21]

FF Extension: Pocket - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\isreaditlater@ideashower.com [2013-09-19]

FF Extension: Hola Unblocker - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-04-03]

FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\staged [2014-04-03]

FF Extension: LastPass - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\support@lastpass.com [2014-03-21]

FF Extension: Forecastfox - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-09-16]

FF Extension: Nightly Tester Tools - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2013-12-10]

FF Extension: Diigo Toolbar - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2013-09-16]

FF Extension: Add-on Compatibility Reporter - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\compatibility@addons.mozilla.org.xpi [2013-09-16]

FF Extension: Cutyfox URL Shortener - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\cutyfox@apps.metzweb.net.xpi [2013-09-16]

FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\elemhidehelper@adblockplus.org.xpi [2013-09-16]

FF Extension: feedly - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\feedly@devhd.xpi [2013-09-16]

FF Extension: DuckDuckGo Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-09-16]

FF Extension: Test Pilot - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\testpilot@labs.mozilla.com.xpi [2013-09-16]

FF Extension: Stylish - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-09-16]

FF Extension: NoScript - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-16]

FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-16]

FF Extension: Tab Mix Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-09-16]

FF Extension: Greasemonkey - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-16]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-11]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-04-21]

FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird

FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2013-09-04]

 

Chrome: 

=======

CHR HomePage: about:blank

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File

CHR Extension: (Google Translate) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-04-19]

CHR Extension: (TooManyTabs for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2013-04-14]

CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-14]

CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-14]

CHR Extension: (URLShortener) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\appbcbjpnlfggijahjcomlodcdmnpeej [2013-04-14]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-04-02]

CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]

CHR Extension: (Adblock Plus) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-02]

CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-14]

CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-20]

CHR Extension: (Hola Better Internet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-04-14]

CHR Extension: (TweetDeck by Twitter) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-03-10]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-22]

CHR Extension: (Keep My Opt-Outs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2013-04-14]

CHR Extension: (Disconnect Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2013-10-07]

CHR Extension: (Forecastfox) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-04-14]

CHR Extension: (Disconnect) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2013-08-09]

CHR Extension: (FVD Downloader) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-04-02]

CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-04-14]

CHR Extension: (FreshStart - Cross Browser Session Manager) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2013-04-14]

CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-16]

CHR Extension: (Personal Blocklist (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2013-04-14]

CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2013-04-14]

CHR Extension: (Evernote Web Clipper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-03-22]

CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-14]

CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-04-21]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2013-04-19] (Andrea Electronics Corporation)

R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [152576 2013-02-21] (CrashPlan)

R2 CronService; C:\Hawk\platform\windows\cronsvc.exe [23552 2013-05-08] (Fork Ltd.)

R2 D-Link Wireless N Dual Band DWA-160 _WPS; C:\Program Files (x86)\D-Link\DWA-160\ANIWConnService.exe [53248 2010-07-12] ()

S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [40888 2013-02-14] (ESET)

R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1020304 2013-02-14] (ESET)

S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190208 2013-02-14] (ESET)

R4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2013-04-19] (IDT, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-28] ()

R3 Darusb_win7x; C:\Windows\System32\DRIVERS\Darusb_win7x.sys [786432 2010-07-12] (Atheros Communications, Inc.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [217000 2013-02-04] (ESET)

U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [183016 2013-04-09] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [153200 2013-02-04] (ESET)

R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)

R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [141304 2013-02-04] (ESET)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-08] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()

S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)

R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)

U4 eabfiltr; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-08 17:19 - 2014-04-08 17:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 17:19 - 2014-04-08 17:19 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-08 17:18 - 2014-04-08 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-08 17:18 - 2014-04-08 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 17:18 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-08 17:18 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-08 17:18 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-08 12:30 - 2014-03-30 20:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-08 12:30 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-08 12:30 - 2014-03-30 19:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-08 12:30 - 2014-03-30 18:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-08 12:30 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-08 12:30 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-08 12:30 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-08 12:30 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-08 12:30 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-08 12:30 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-08 12:30 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-08 12:30 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-08 12:30 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-08 12:30 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-08 12:30 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-07 12:49 - 2014-04-07 12:49 - 00277888 _____ () C:\Windows\Minidump\040714-24757-01.dmp

2014-04-06 20:52 - 2014-04-06 20:52 - 00315392 _____ (Malwarebytes Corporation) C:\Users\admin\Downloads\mbam-clean-2.0.2.0.exe

2014-04-06 13:58 - 2014-04-06 13:59 - 00055080 _____ () C:\Users\admin\Downloads\Addition.txt

2014-04-06 13:57 - 2014-04-08 17:24 - 00042277 _____ () C:\Users\admin\Downloads\FRST.txt

2014-04-06 13:57 - 2014-04-08 17:24 - 00000000 ____D () C:\FRST

2014-04-06 13:55 - 2014-04-06 13:55 - 02157056 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe

2014-04-06 13:54 - 2014-04-06 13:55 - 01673896 _____ (Malwarebytes Corporation) C:\Users\admin\Downloads\mbam-check-2.1.0.0002.exe

2014-04-06 13:38 - 2014-04-06 13:38 - 00277832 _____ () C:\Windows\Minidump\040614-18720-01.dmp

2014-04-05 19:03 - 2014-04-07 12:49 - 511655497 _____ () C:\Windows\MEMORY.DMP

2014-04-05 19:03 - 2014-04-07 12:49 - 00000000 ____D () C:\Windows\Minidump

2014-04-05 19:03 - 2014-04-05 19:03 - 00277832 _____ () C:\Windows\Minidump\040514-21793-01.dmp

2014-04-05 18:55 - 2014-04-05 18:56 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-03 18:53 - 2014-04-03 18:53 - 00000000 ____D () C:\TC2000

2014-04-01 20:23 - 2014-04-01 20:23 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Template

2014-04-01 20:23 - 2014-04-01 20:23 - 00000000 _____ () C:\Users\admin\AppData\Roaming\wklnhst.dat

2014-03-28 12:22 - 2014-04-08 16:27 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000UA1cf4aaa444517ca.job

2014-03-28 12:22 - 2014-03-28 12:22 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000UA1cf4aaa444517ca

2014-03-22 18:44 - 2014-03-22 18:44 - 00002062 _____ () C:\Users\Public\Desktop\GetDataBack Simple.lnk

2014-03-22 18:43 - 2014-03-22 18:43 - 00000000 ____D () C:\Program Files (x86)\Runtime Software

2014-03-22 18:41 - 2014-03-22 18:41 - 05667920 _____ () C:\Users\admin\Downloads\gdbsimsetup.exe

2014-03-21 18:19 - 2014-03-21 18:19 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files\iTunes

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files\iPod

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-03-13 18:13 - 2014-03-13 18:13 - 03346215 _____ () C:\Users\admin\Downloads\xyplorer_full.zip

2014-03-11 12:57 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-11 12:57 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-11 12:57 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-11 12:57 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-11 12:57 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-11 12:57 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-11 12:57 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-11 12:57 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-11 12:57 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-11 12:57 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-11 12:57 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-11 12:57 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-11 12:57 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-11 12:57 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-11 12:57 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-11 12:57 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-11 12:57 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-11 12:57 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-11 12:57 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-11 12:57 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-11 12:57 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-11 12:57 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-11 12:57 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-11 12:57 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-11 12:57 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-11 12:57 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-11 12:57 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-11 12:57 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-11 12:57 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-11 12:57 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-11 12:57 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-11 12:57 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-11 12:56 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-11 12:56 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-11 12:56 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-11 12:56 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-11 12:56 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-11 12:56 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-11 12:56 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-03-11 12:56 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-11 12:56 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

 

==================== One Month Modified Files and Folders =======

 

2014-04-08 17:24 - 2014-04-06 13:57 - 00042277 _____ () C:\Users\admin\Downloads\FRST.txt

2014-04-08 17:24 - 2014-04-06 13:57 - 00000000 ____D () C:\FRST

2014-04-08 17:24 - 2013-04-14 11:13 - 00000000 ____D () C:\Users\admin\Desktop\mirc

2014-04-08 17:23 - 2009-07-13 23:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-08 17:23 - 2009-07-13 23:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-08 17:21 - 2010-02-28 04:20 - 01306839 _____ () C:\Windows\WindowsUpdate.log

2014-04-08 17:21 - 2009-07-14 00:13 - 00785786 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-08 17:20 - 2013-04-16 18:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Ditto

2014-04-08 17:19 - 2014-04-08 17:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 17:19 - 2014-04-08 17:19 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-08 17:19 - 2014-04-08 17:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-08 17:18 - 2014-04-08 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 17:15 - 2013-07-07 18:04 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat

2014-04-08 17:15 - 2013-04-14 02:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-08 17:15 - 2010-02-28 04:23 - 00333800 _____ () C:\Windows\PFRO.log

2014-04-08 17:15 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-08 17:15 - 2009-07-13 23:51 - 00051404 _____ () C:\Windows\setupact.log

2014-04-08 17:10 - 2013-04-16 12:24 - 00000000 ____D () C:\Program Files (x86)\CrashPlan

2014-04-08 16:55 - 2013-09-18 12:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-08 16:34 - 2014-02-11 11:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2749862c9ab6.job

2014-04-08 16:27 - 2014-03-28 12:22 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000UA1cf4aaa444517ca.job

2014-04-08 13:17 - 2013-04-14 11:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc

2014-04-08 12:37 - 2010-01-10 23:34 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-04-08 12:36 - 2013-04-14 15:24 - 00000039 _____ () C:\Windows\vbaddin.ini

2014-04-08 12:32 - 2013-07-21 11:49 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-08 12:32 - 2013-04-14 03:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-08 12:27 - 2013-05-26 14:09 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000Core.job

2014-04-08 12:24 - 2013-05-26 14:10 - 00002376 _____ () C:\Users\admin\Desktop\Google Chrome Canary.lnk

2014-04-07 21:51 - 2013-04-14 11:24 - 00000000 ____D () C:\Users\admin\AppData\Local\Deployment

2014-04-07 21:43 - 2013-05-07 12:59 - 00001680 _____ () C:\Windows\Sandboxie.ini

2014-04-07 12:49 - 2014-04-07 12:49 - 00277888 _____ () C:\Windows\Minidump\040714-24757-01.dmp

2014-04-07 12:49 - 2014-04-05 19:03 - 511655497 _____ () C:\Windows\MEMORY.DMP

2014-04-07 12:49 - 2014-04-05 19:03 - 00000000 ____D () C:\Windows\Minidump

2014-04-06 20:52 - 2014-04-06 20:52 - 00315392 _____ (Malwarebytes Corporation) C:\Users\admin\Downloads\mbam-clean-2.0.2.0.exe

2014-04-06 13:59 - 2014-04-06 13:58 - 00055080 _____ () C:\Users\admin\Downloads\Addition.txt

2014-04-06 13:55 - 2014-04-06 13:55 - 02157056 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe

2014-04-06 13:55 - 2014-04-06 13:54 - 01673896 _____ (Malwarebytes Corporation) C:\Users\admin\Downloads\mbam-check-2.1.0.0002.exe

2014-04-06 13:38 - 2014-04-06 13:38 - 00277832 _____ () C:\Windows\Minidump\040614-18720-01.dmp

2014-04-05 19:03 - 2014-04-05 19:03 - 00277832 _____ () C:\Windows\Minidump\040514-21793-01.dmp

2014-04-05 18:56 - 2014-04-05 18:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-03 18:53 - 2014-04-03 18:53 - 00000000 ____D () C:\TC2000

2014-04-03 17:29 - 2014-02-11 11:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf2749862c9ab6

2014-04-03 17:29 - 2013-04-14 02:40 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-04-03 09:51 - 2014-04-08 17:18 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-08 17:18 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-08 17:18 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-02 17:52 - 2013-05-27 18:00 - 00000000 ____D () C:\Users\admin\AppData\Local\Akamai

2014-04-01 20:23 - 2014-04-01 20:23 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Template

2014-04-01 20:23 - 2014-04-01 20:23 - 00000000 _____ () C:\Users\admin\AppData\Roaming\wklnhst.dat

2014-04-01 20:23 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-03-31 17:52 - 2013-05-17 17:57 - 00000000 ____D () C:\Users\admin\AppData\Local\Citrix

2014-03-30 20:16 - 2014-04-08 12:30 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-30 20:13 - 2014-04-08 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-30 19:13 - 2014-04-08 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-30 18:57 - 2014-04-08 12:30 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-28 17:26 - 2013-12-15 15:43 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk

2014-03-28 12:22 - 2014-03-28 12:22 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000UA1cf4aaa444517ca

2014-03-28 12:22 - 2013-05-26 14:09 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000Core

2014-03-22 18:44 - 2014-03-22 18:44 - 00002062 _____ () C:\Users\Public\Desktop\GetDataBack Simple.lnk

2014-03-22 18:43 - 2014-03-22 18:43 - 00000000 ____D () C:\Program Files (x86)\Runtime Software

2014-03-22 18:41 - 2014-03-22 18:41 - 05667920 _____ () C:\Users\admin\Downloads\gdbsimsetup.exe

2014-03-21 18:19 - 2014-03-21 18:19 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files\iTunes

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files\iPod

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-03-19 12:22 - 2013-04-14 03:04 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla

2014-03-16 17:27 - 2013-04-19 19:03 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForadmin

2014-03-16 17:27 - 2013-04-19 19:03 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForadmin.job

2014-03-15 13:39 - 2013-04-14 02:41 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-03-13 18:14 - 2013-04-14 13:49 - 00000000 ____D () C:\Users\admin\AppData\Roaming\XYplorer

2014-03-13 18:13 - 2014-03-13 18:13 - 03346215 _____ () C:\Users\admin\Downloads\xyplorer_full.zip

2014-03-12 17:55 - 2013-09-18 12:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-03-12 17:28 - 2013-12-10 16:55 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-03-12 17:28 - 2013-04-14 03:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-12 17:28 - 2013-04-14 03:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-11 13:12 - 2013-04-14 15:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-11 13:12 - 2013-04-14 15:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-11 13:12 - 2009-07-13 23:45 - 00437208 _____ () C:\Windows\system32\FNTCACHE.DAT

 

Files to move or delete:

====================

C:\Users\admin\UserData2.dat

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-03-30 15:11

 

==================== End Of Log ============================


This problem seems to be related to using TrueCrypt to mount an encrypted drive and then having Malwarebytes start up its automatic daily scan. I had a TrueCrypt volume mounted when MBAM started its daily scan. Within a couple of mins the computer BSOD'd on me with, I believe, a Stop 1E. I rebooted the computer and this time I did not mount the TrueCrypt volume, performed a scan of the system and no BSOD. This is a major problem for me since I use TrueCrypt daily to allow access to sensitive information. MBAM 1.7 did not exhibit this problem.


  • Root Admin

Sorry for the delay. Most helpers will not look at a post that has more than 1 reply. When you replied, that pretty much sealed the deal that you would not get a reply until I review older posts.
 
Anyways... Please make a new Recovery Point just in case. Also please note and read the information about backups.

Backup Software
 
We are supposed to support TrueCrypt drives and I've not seen a BSOD from others with this, so I'm thinking maybe either the Cryptolocker GPO you have in place or some other security software may be the cause. To track it down we may need to reverse some of this to see what's really causing it, if you want to spend the time and effort involved to do this.
 
The issue is almost certainly the Anti-Rootkit driver, and one normally would not need to run it more than once anyways, but in your computer's current state you cannot even run it once, which is what we need to find out why. If you want to take the time to work on this further please let me know and let's start out with a new set of FRST logs.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

 

Thanks


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014

Ran by admin (administrator) on ADMIN-PC on 15-04-2014 20:03:32

Running from C:\Users\admin\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe

(Hewlett-Packard) C:\Windows\system32\Hpservice.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Fork Ltd.) C:\Hawk\platform\windows\cronsvc.exe

() C:\Program Files (x86)\D-Link\DWA-160\ANIWConnService.exe

(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(mIRC Co. Ltd.) C:\Users\admin\Desktop\mirc\mirc.exe

(Pixel Tucker Pty Ltd) C:\Users\admin\AppData\Local\Apps\2.0\0H4LTHWJ.783\G7RO7L4H.93H\metr..tion_89233686fad4c081_0001.0002_ea17dec1c6cb85eb\MetroTwitLoop.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe

(Hyperionics Technology LLC) C:\Program Files\FileBX\FileBX.exe

() C:\Program Files\FileBX\Fbx32helper.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [igfxTray] => C:\Windows\system32\igfxtray.exe [166424 2009-10-24] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [390168 2009-10-24] (Intel Corporation)

HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [408600 2009-10-24] (Intel Corporation)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-15] (Synaptics Incorporated)

HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2013-04-19] (IDT, Inc.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4144944 2013-02-14] (ESET)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358200 2010-12-11] (Acronis)

HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] => C:\Program Files (x86)\D-Link\DWA-160\AirNCFG.exe [1041728 2010-09-08] (D-Link Corp.)

HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5111464 2010-12-11] (Acronis)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION

HKLM Group Policy restriction on software: *‮* <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\admintool.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\uninstall.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\temp\sandboxieinstall.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\installer_no_upload_silent.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\temp\googleupdatesetup.exe985b80a <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lastpass\wlandecrypt.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\controlpanel.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\admintool.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\rswinui.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\temp\googleupdatesetup.exe985b80a <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lastpass\wlandecrypt.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\netsession_win.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lastpass\wlandecrypt.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\installer_no_upload_silent.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\rswinui.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\temp\sandboxieinstall.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\akamai\uninstall.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\controlpanel.exe <====== ATTENTION

HKLM Group Policy restriction on software: %localappdata%\akamai\netsession_win.exe <====== ATTENTION

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-19\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\S-1-5-20\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\S-1-5-21-208884388-1864371658-2360693057-1000\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1717872 2012-11-08] ()

HKU\S-1-5-21-208884388-1864371658-2360693057-1000\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)

HKU\S-1-5-21-208884388-1864371658-2360693057-1000\...\Run: [Google Update] => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-14] (Google Inc.)

HKU\S-1-5-21-208884388-1864371658-2360693057-1000\...\Run: [Akamai NetSession Interface] => C:\Users\admin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {0D5ADB1A-DC96-49C2-8B08-1D8855570667} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {0D5ADB1A-DC96-49C2-8B08-1D8855570667} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl

SearchScopes: HKCU - {0D5ADB1A-DC96-49C2-8B08-1D8855570667} URL = 

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)

BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)

BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)

Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\admin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\admin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\admin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Flash Video Downloader - Full HD Download - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\artur.dubovoy@gmail.com [2014-03-21]

FF Extension: Pocket - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\isreaditlater@ideashower.com [2013-09-19]

FF Extension: Hola Unblocker - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-04-03]

FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\staged [2014-04-03]

FF Extension: LastPass - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\support@lastpass.com [2014-03-21]

FF Extension: Forecastfox - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-09-16]

FF Extension: Nightly Tester Tools - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2013-12-10]

FF Extension: Diigo Toolbar - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2013-09-16]

FF Extension: Add-on Compatibility Reporter - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\compatibility@addons.mozilla.org.xpi [2013-09-16]

FF Extension: Cutyfox URL Shortener - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\cutyfox@apps.metzweb.net.xpi [2013-09-16]

FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\elemhidehelper@adblockplus.org.xpi [2013-09-16]

FF Extension: feedly - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\feedly@devhd.xpi [2013-09-16]

FF Extension: DuckDuckGo Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-09-16]

FF Extension: Test Pilot - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\testpilot@labs.mozilla.com.xpi [2013-09-16]

FF Extension: Stylish - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-09-16]

FF Extension: NoScript - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-16]

FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-16]

FF Extension: Tab Mix Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-09-16]

FF Extension: Greasemonkey - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hf3cl69f.greg\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-16]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-11]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-04-21]

FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird

FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2013-09-04]

 

Chrome: 

=======

CHR HomePage: about:blank

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File

CHR Extension: (Google Translate) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-04-19]

CHR Extension: (TooManyTabs for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2013-04-14]

CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-14]

CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-14]

CHR Extension: (URLShortener) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\appbcbjpnlfggijahjcomlodcdmnpeej [2013-04-14]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-04-02]

CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]

CHR Extension: (Adblock Plus) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-02]

CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-14]

CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-20]

CHR Extension: (Hola Better Internet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-04-14]

CHR Extension: (TweetDeck by Twitter) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-03-10]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-22]

CHR Extension: (Keep My Opt-Outs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2013-04-14]

CHR Extension: (Disconnect Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2013-10-07]

CHR Extension: (Forecastfox) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-04-14]

CHR Extension: (Disconnect) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2013-08-09]

CHR Extension: (FVD Downloader) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-04-02]

CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-04-14]

CHR Extension: (FreshStart - Cross Browser Session Manager) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2013-04-14]

CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-16]

CHR Extension: (Personal Blocklist (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2013-04-14]

CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2013-04-14]

CHR Extension: (Evernote Web Clipper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-03-22]

CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-14]

CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-04-21]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2013-04-19] (Andrea Electronics Corporation)

R2 CronService; C:\Hawk\platform\windows\cronsvc.exe [23552 2013-05-08] (Fork Ltd.)

R2 D-Link Wireless N Dual Band DWA-160 _WPS; C:\Program Files (x86)\D-Link\DWA-160\ANIWConnService.exe [53248 2010-07-12] ()

S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [40888 2013-02-14] (ESET)

R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1020304 2013-02-14] (ESET)

S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190208 2013-02-14] (ESET)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2013-04-19] (IDT, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-28] ()

S3 Darusb_win7x; C:\Windows\System32\DRIVERS\Darusb_win7x.sys [786432 2010-07-12] (Atheros Communications, Inc.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [217000 2013-02-04] (ESET)

U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [183016 2013-04-09] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [153200 2013-02-04] (ESET)

R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)

R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [141304 2013-02-04] (ESET)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-15] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()

S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)

R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)

S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

U4 eabfiltr; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-15 20:03 - 2014-04-15 20:03 - 00000000 ____D () C:\Users\admin\Downloads\FRST-OlderVersion

2014-04-13 18:04 - 2014-04-13 18:05 - 03398247 _____ () C:\Users\admin\Downloads\xyplorer_full.zip

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ___SD () C:\Users\admin\Documents\My Shapes

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\TC2000

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\StockFinder5

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\Snagit Stamps

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\Snagit

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\PDF files

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\PassMark

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\Outlook Files

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\OneNote Notebooks

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\My Tresors

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\MDownloader

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\MailStore Home

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\FinePrint files

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\Fax

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\blip_data

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\Adobe

2014-04-12 18:57 - 2013-05-19 14:17 - 00002058 ____H () C:\Users\admin\Documents\Default.rdp

2014-04-12 18:57 - 2013-02-14 18:34 - 01415824 _____ (ESET) C:\Users\admin\Documents\eset_nod32_antivirus_live_installer (1).exe

2014-04-12 18:57 - 2013-02-06 19:03 - 00013854 _____ () C:\Users\admin\Documents\holLaunchPadOnline.application

2014-04-12 18:57 - 2013-01-25 19:22 - 00001089 _____ () C:\Users\admin\Documents\Info.txt

2014-04-12 18:57 - 2012-10-12 14:00 - 00000130 _____ () C:\Users\admin\Documents\twittv.ini

2014-04-12 18:57 - 2012-09-17 15:36 - 00161204 _____ () C:\Users\admin\Documents\Com.cfgx

2014-04-12 18:57 - 2012-02-23 22:18 - 00000026 ____H () C:\Users\admin\Documents\.picasa.ini

2014-04-12 18:57 - 2012-01-12 20:29 - 00000124 _____ () C:\Users\admin\Documents\TweetDeckSettings.txt

2014-04-12 18:57 - 2011-11-05 22:12 - 00000036 _____ () C:\Users\admin\Documents\GoogleSync.txt

2014-04-12 18:57 - 2011-11-05 22:05 - 00000247 _____ () C:\Users\admin\Documents\IRC_OPfilter.txt

2014-04-12 18:57 - 2011-10-01 15:08 - 00000055 _____ () C:\Users\admin\Documents\AutoCompColon.mrc

2014-04-12 18:57 - 2011-08-13 20:49 - 00002973 _____ () C:\Users\admin\Documents\IRCMacros.txt

2014-04-12 18:57 - 2011-08-04 14:24 - 00000000 _____ () C:\Users\admin\Documents\TestFile.txt

2014-04-12 18:57 - 2011-07-12 18:13 - 00001802 _____ () C:\Users\admin\Documents\TwitServerInfo.txt

2014-04-12 18:57 - 2011-04-24 15:20 - 00000338 _____ () C:\Users\admin\Documents\Aida64Key.txt

2014-04-12 18:57 - 2010-11-02 21:37 - 00001124 _____ () C:\Users\admin\Documents\RegistryBKU.reg

2014-04-12 18:57 - 2010-11-01 20:53 - 00001366 _____ () C:\Users\admin\Documents\blip.aup

2014-04-12 18:57 - 2010-11-01 19:08 - 00404589 _____ () C:\Users\admin\Documents\Untitled (3).wma

2014-04-12 18:57 - 2010-11-01 19:07 - 00355199 _____ () C:\Users\admin\Documents\Untitled (2).wma

2014-04-12 18:57 - 2010-10-30 19:32 - 00000292 _____ () C:\Users\admin\Documents\TextPad License.txt

2014-04-12 18:57 - 2010-10-06 21:34 - 00130699 _____ () C:\Users\admin\Documents\Untitled.wma

2014-04-12 18:57 - 2010-09-01 21:39 - 00001002 _____ () C:\Users\admin\Documents\MTS_Pvr Problem.txt

2014-04-12 18:57 - 2010-08-09 12:04 - 00003919 _____ () C:\Users\admin\Documents\Roger.ns1

2014-04-12 18:57 - 2010-08-05 21:13 - 00045056 _____ () C:\Users\admin\Documents\FPYield.xls

2014-04-12 18:57 - 2010-08-05 21:13 - 00045056 _____ () C:\Users\admin\Documents\Book1.xls

2014-04-12 18:57 - 2010-08-02 12:39 - 00000597 _____ () C:\Users\admin\Documents\CriticalUpdate.txt

2014-04-12 18:57 - 2010-05-19 18:49 - 00000000 _____ () C:\Users\admin\Documents\New Text Document.txt

2014-04-12 18:57 - 2010-05-04 18:44 - 00000371 _____ () C:\Users\admin\Documents\Stuff.txt

2014-04-12 18:57 - 2010-04-28 18:40 - 01726908 _____ () C:\Users\admin\Documents\OASettings100428.OA

2014-04-12 18:57 - 2010-04-24 10:44 - 01337080 _____ () C:\Users\admin\Documents\test.xml

2014-04-12 18:24 - 2014-04-12 18:24 - 00277832 _____ () C:\Windows\Minidump\041214-26161-01.dmp

2014-04-11 12:24 - 2014-04-11 12:24 - 60696922 _____ () C:\Users\admin\Downloads\net-internals-log.json

2014-04-08 18:03 - 2014-04-08 18:04 - 00277888 _____ () C:\Windows\Minidump\040814-55239-01.dmp

2014-04-08 17:24 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-04-08 17:24 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-04-08 17:24 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-04-08 17:24 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-04-08 17:23 - 2014-03-06 05:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-08 17:23 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-08 17:23 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-04-08 17:23 - 2014-03-06 04:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-08 17:23 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-08 17:23 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-04-08 17:23 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-08 17:23 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-08 17:23 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-08 17:23 - 2014-03-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-08 17:23 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-04-08 17:23 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-04-08 17:23 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-04-08 17:23 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-04-08 17:23 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-08 17:23 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-04-08 17:23 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-08 17:23 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-08 17:23 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-04-08 17:23 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-04-08 17:23 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-08 17:23 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-08 17:23 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-08 17:23 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-08 17:23 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-08 17:23 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-04-08 17:23 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-04-08 17:23 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-04-08 17:23 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-04-08 17:23 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-08 17:23 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-04-08 17:23 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-04-08 17:23 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-08 17:23 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-04-08 17:23 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-08 17:23 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-08 17:23 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-04-08 17:23 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-08 17:23 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-08 17:23 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-08 17:23 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-04-08 17:23 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-04-08 17:23 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-08 17:23 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-08 17:19 - 2014-04-15 15:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 17:19 - 2014-04-08 17:19 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-08 17:18 - 2014-04-08 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-08 17:18 - 2014-04-08 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 17:18 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-08 17:18 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-08 17:18 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-08 12:30 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-08 12:30 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-08 12:30 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-08 12:30 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-08 12:30 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-08 12:30 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-08 12:30 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-08 12:30 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-08 12:30 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-08 12:30 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-08 12:30 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-07 12:49 - 2014-04-07 12:49 - 00277888 _____ () C:\Windows\Minidump\040714-24757-01.dmp

2014-04-06 20:52 - 2014-04-06 20:52 - 00315392 _____ (Malwarebytes Corporation) C:\Users\admin\Downloads\mbam-clean-2.0.2.0.exe

2014-04-06 13:58 - 2014-04-06 13:59 - 00055080 _____ () C:\Users\admin\Downloads\Addition.txt

2014-04-06 13:57 - 2014-04-15 20:03 - 00042201 _____ () C:\Users\admin\Downloads\FRST.txt

2014-04-06 13:57 - 2014-04-15 20:03 - 00000000 ____D () C:\FRST

2014-04-06 13:55 - 2014-04-15 20:03 - 02054144 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe

2014-04-06 13:54 - 2014-04-06 13:55 - 01673896 _____ (Malwarebytes Corporation) C:\Users\admin\Downloads\mbam-check-2.1.0.0002.exe

2014-04-06 13:38 - 2014-04-06 13:38 - 00277832 _____ () C:\Windows\Minidump\040614-18720-01.dmp

2014-04-05 19:03 - 2014-04-12 18:24 - 455081489 _____ () C:\Windows\MEMORY.DMP

2014-04-05 19:03 - 2014-04-12 18:24 - 00000000 ____D () C:\Windows\Minidump

2014-04-05 19:03 - 2014-04-05 19:03 - 00277832 _____ () C:\Windows\Minidump\040514-21793-01.dmp

2014-04-05 18:55 - 2014-04-05 18:56 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-03 18:53 - 2014-04-03 18:53 - 00000000 ____D () C:\TC2000

2014-04-01 20:23 - 2014-04-01 20:23 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Template

2014-04-01 20:23 - 2014-04-01 20:23 - 00000000 _____ () C:\Users\admin\AppData\Roaming\wklnhst.dat

2014-03-28 12:22 - 2014-04-15 19:27 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000UA1cf4aaa444517ca.job

2014-03-28 12:22 - 2014-03-28 12:22 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000UA1cf4aaa444517ca

2014-03-22 18:44 - 2014-03-22 18:44 - 00002062 _____ () C:\Users\Public\Desktop\GetDataBack Simple.lnk

2014-03-22 18:43 - 2014-03-22 18:43 - 00000000 ____D () C:\Program Files (x86)\Runtime Software

2014-03-22 18:41 - 2014-03-22 18:41 - 05667920 _____ () C:\Users\admin\Downloads\gdbsimsetup.exe

2014-03-21 18:19 - 2014-03-21 18:19 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files\iTunes

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files\iPod

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files (x86)\iTunes

 

==================== One Month Modified Files and Folders =======

 

2014-04-15 20:03 - 2014-04-15 20:03 - 00000000 ____D () C:\Users\admin\Downloads\FRST-OlderVersion

2014-04-15 20:03 - 2014-04-06 13:57 - 00042201 _____ () C:\Users\admin\Downloads\FRST.txt

2014-04-15 20:03 - 2014-04-06 13:57 - 00000000 ____D () C:\FRST

2014-04-15 20:03 - 2014-04-06 13:55 - 02054144 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe

2014-04-15 19:55 - 2013-09-18 12:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-15 19:34 - 2014-02-11 11:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2749862c9ab6.job

2014-04-15 19:27 - 2014-03-28 12:22 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000UA1cf4aaa444517ca.job

2014-04-15 19:21 - 2013-07-07 18:04 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat

2014-04-15 18:46 - 2013-04-14 11:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc

2014-04-15 18:17 - 2013-04-14 13:49 - 00000000 ____D () C:\Users\admin\AppData\Roaming\XYplorer

2014-04-15 17:59 - 2013-04-14 11:13 - 00000000 ____D () C:\Users\admin\Desktop\mirc

2014-04-15 17:34 - 2013-04-14 02:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-15 17:28 - 2013-05-26 14:10 - 00002376 _____ () C:\Users\admin\Desktop\Google Chrome Canary.lnk

2014-04-15 17:27 - 2013-04-19 19:03 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForadmin

2014-04-15 17:27 - 2013-04-19 19:03 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForadmin.job

2014-04-15 15:57 - 2014-04-08 17:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-15 12:34 - 2010-02-28 04:20 - 01553849 _____ () C:\Windows\WindowsUpdate.log

2014-04-15 12:27 - 2013-05-26 14:09 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000Core.job

2014-04-14 12:24 - 2013-04-14 11:24 - 00000000 ____D () C:\Users\admin\AppData\Local\Deployment

2014-04-13 18:55 - 2013-04-16 18:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Ditto

2014-04-13 18:05 - 2014-04-13 18:04 - 03398247 _____ () C:\Users\admin\Downloads\xyplorer_full.zip

2014-04-12 19:01 - 2013-04-16 12:24 - 00000000 ____D () C:\ProgramData\CrashPlan

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ___SD () C:\Users\admin\Documents\My Shapes

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\TC2000

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\StockFinder5

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\Snagit Stamps

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\Snagit

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\PDF files

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\PassMark

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\Outlook Files

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\OneNote Notebooks

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\My Tresors

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\MDownloader

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\MailStore Home

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\FinePrint files

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\Fax

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\blip_data

2014-04-12 18:57 - 2014-04-12 18:57 - 00000000 ____D () C:\Users\admin\Documents\Adobe

2014-04-12 18:56 - 2013-04-14 01:23 - 00000000 ____D () C:\Users\admin

2014-04-12 18:31 - 2009-07-13 23:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-12 18:31 - 2009-07-13 23:45 - 00023024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-12 18:29 - 2009-07-14 00:13 - 00785786 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-12 18:24 - 2014-04-12 18:24 - 00277832 _____ () C:\Windows\Minidump\041214-26161-01.dmp

2014-04-12 18:24 - 2014-04-05 19:03 - 455081489 _____ () C:\Windows\MEMORY.DMP

2014-04-12 18:24 - 2014-04-05 19:03 - 00000000 ____D () C:\Windows\Minidump

2014-04-12 18:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-12 18:24 - 2009-07-13 23:51 - 00051572 _____ () C:\Windows\setupact.log

2014-04-12 14:15 - 2013-04-14 16:41 - 00000000 ____D () C:\Users\admin\AppData\Local\MetaGeek,_LLC

2014-04-11 12:24 - 2014-04-11 12:24 - 60696922 _____ () C:\Users\admin\Downloads\net-internals-log.json

2014-04-08 21:24 - 2013-04-14 02:41 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-04-08 19:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-04-08 18:04 - 2014-04-08 18:03 - 00277888 _____ () C:\Windows\Minidump\040814-55239-01.dmp

2014-04-08 18:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-04-08 17:19 - 2014-04-08 17:19 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-08 17:19 - 2014-04-08 17:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-08 17:18 - 2014-04-08 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-08 17:15 - 2010-02-28 04:23 - 00333800 _____ () C:\Windows\PFRO.log

2014-04-08 12:37 - 2010-01-10 23:34 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-04-08 12:36 - 2013-07-21 11:49 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-08 12:36 - 2013-04-14 15:24 - 00000039 _____ () C:\Windows\vbaddin.ini

2014-04-08 12:32 - 2013-04-14 03:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-07 21:43 - 2013-05-07 12:59 - 00001680 _____ () C:\Windows\Sandboxie.ini

2014-04-07 12:49 - 2014-04-07 12:49 - 00277888 _____ () C:\Windows\Minidump\040714-24757-01.dmp

2014-04-06 20:52 - 2014-04-06 20:52 - 00315392 _____ (Malwarebytes Corporation) C:\Users\admin\Downloads\mbam-clean-2.0.2.0.exe

2014-04-06 13:59 - 2014-04-06 13:58 - 00055080 _____ () C:\Users\admin\Downloads\Addition.txt

2014-04-06 13:55 - 2014-04-06 13:54 - 01673896 _____ (Malwarebytes Corporation) C:\Users\admin\Downloads\mbam-check-2.1.0.0002.exe

2014-04-06 13:38 - 2014-04-06 13:38 - 00277832 _____ () C:\Windows\Minidump\040614-18720-01.dmp

2014-04-05 19:03 - 2014-04-05 19:03 - 00277832 _____ () C:\Windows\Minidump\040514-21793-01.dmp

2014-04-05 18:56 - 2014-04-05 18:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\admin\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-03 18:53 - 2014-04-03 18:53 - 00000000 ____D () C:\TC2000

2014-04-03 17:29 - 2014-02-11 11:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf2749862c9ab6

2014-04-03 17:29 - 2013-04-14 02:40 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-04-03 09:51 - 2014-04-08 17:18 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-08 17:18 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-08 17:18 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-02 17:52 - 2013-05-27 18:00 - 00000000 ____D () C:\Users\admin\AppData\Local\Akamai

2014-04-01 20:23 - 2014-04-01 20:23 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Template

2014-04-01 20:23 - 2014-04-01 20:23 - 00000000 _____ () C:\Users\admin\AppData\Roaming\wklnhst.dat

2014-04-01 20:23 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-03-31 17:52 - 2013-05-17 17:57 - 00000000 ____D () C:\Users\admin\AppData\Local\Citrix

2014-03-28 17:26 - 2013-12-15 15:43 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk

2014-03-28 12:22 - 2014-03-28 12:22 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000UA1cf4aaa444517ca

2014-03-28 12:22 - 2013-05-26 14:09 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000Core

2014-03-22 18:44 - 2014-03-22 18:44 - 00002062 _____ () C:\Users\Public\Desktop\GetDataBack Simple.lnk

2014-03-22 18:43 - 2014-03-22 18:43 - 00000000 ____D () C:\Program Files (x86)\Runtime Software

2014-03-22 18:41 - 2014-03-22 18:41 - 05667920 _____ () C:\Users\admin\Downloads\gdbsimsetup.exe

2014-03-21 18:19 - 2014-03-21 18:19 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files\iTunes

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files\iPod

2014-03-21 18:18 - 2014-03-21 18:18 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-03-19 12:22 - 2013-04-14 03:04 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-04-09 13:25

 

==================== End Of Log ============================


 

I have had to post these as separate posts as the system complained that the post was too long. I made sure TrueCrypt had the volume mounted when the Farbar app was run. I then dismounted the volume to prevent a BSOD.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014

Ran by admin at 2014-04-06 13:58:29

Running from C:\Users\admin\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}

AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7154 - Acronis)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)

AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)

Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)

Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)

Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)

CrashPlan (HKLM-x32\...\{494C75CC-5353-44A2-88E5-EB12E5A73784}) (Version: 3.5.2 - CrashPlan)

CryptoPrevent v2.5.1 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)

CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)

CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)

CyberLink DVD Suite (x32 Version: 7.0.2216 - CyberLink Corp.) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)

Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)

D-Link DWA-160  (HKLM-x32\...\{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}) (Version:  - D-Link Corporation)

Dropbox (HKCU\...\Dropbox) (Version: 2.0.8 - Dropbox, Inc.)

DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)

DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden

Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)

ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESET Endpoint Antivirus (HKLM\...\{3187B3B0-3620-4459-A983-4403FC481420}) (Version: 5.0.2214.4 - ESET, spol. s r.o.)

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )

Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)

Fences (Version: 1.0 - Stardock Corporation) Hidden

FileBox eXtender (HKLM-x32\...\FileBox eXtender) (Version:  - Hyperionics Technology LLC)

FileBox eXtender (Version: 2.1.0 - Hyperionics Technology LLC) Hidden

FinePrint (HKLM\...\FinePrint) (Version: 6.25 - FinePrint Software, LLC)

FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.3.2031 - OpenSight Software LLC)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)

GetDataBack Simple (HKLM-x32\...\{D06B8000-52B4-4D0B-A003-DA83ED982B51}) (Version: 1.01.000 - Runtime Software)

Google Chrome (HKLM-x32\...\{037FADB6-2BF2-33F9-B7AA-6E48A4543749}) (Version: 65.96.32832 - Google, Inc.)

Google Chrome Canary (HKCU\...\Google Chrome SxS) (Version: 36.0.1928.2 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)

HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3509 - Hewlett-Packard)

HP MediaSmart DVD (x32 Version: 3.1.3509 - Hewlett-Packard) Hidden

HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.1.2125 - Hewlett-Packard)

HP MediaSmart Internet TV (x32 Version: 3.1.2125 - Hewlett-Packard) Hidden

HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)

HP MediaSmart Live TV (x32 Version: 3.1.2206 - Hewlett-Packard) Hidden

HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3405 - Hewlett-Packard)

HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3405 - Hewlett-Packard) Hidden

HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)

HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)

HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard)

HP MediaSmart Webcam (x32 Version: 3.1.2207 - Hewlett-Packard) Hidden

HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)

HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)

HP Smart Web Printing (x32 Version: 131.1.35898 - Hewlett-Packard) Hidden

HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)

HP User Guides 0154 (HKLM-x32\...\{B51605BF-6326-4553-AE96-6D7F1813D5F5}) (Version: 1.01.0001 - Hewlett-Packard)

HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6276.0 - IDT)

ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)

inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)

iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)

Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden

LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)

LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)

Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

MetroTwit (HKCU\...\6d9570ab26892611) (Version: 1.2.0.0 - Pixel Tucker Pty Ltd)

MetroTwit Loop (HKCU\...\6ec97845f5fcfadf) (Version: 1.2.0.0 - Pixel Tucker Pty Ltd)

Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)

Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)

Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden

Mozilla Firefox 27.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)

PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.1 - Tracker Software Products Ltd)

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)

PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden

QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden

Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden

Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)

SDK Debuggers (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Snapshot (remove only) (HKLM-x32\...\Snapshot) (Version:  - )

StockFinder 5.0 (HKLM-x32\...\StockFinder 5) (Version: 5.0 - Worden Brothers, Inc.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)

TC2000 (HKCU\...\2506488145.www.tc2000.com) (Version:  - www.tc2000.com)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)

TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)

Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)

VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)

VNC Free Edition 4.1.3 (HKLM-x32\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.)

Windows Software Development Kit EULA (x32 Version: 8.100.25984 - Microsoft Corporations) Hidden

Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{2fc72c67-2837-46c2-b20a-9acb0d3cb2b2}) (Version: 8.100.25984 - Microsoft Corporation)

WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

XYplorer 13.80 (HKLM-x32\...\XYplorer) (Version: 13.80 - Donald Lessau)

 

==================== Restore Points  =========================

 

18-03-2014 17:34:56 Windows Update

25-03-2014 23:02:24 Windows Update

02-04-2014 22:57:37 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {07E5D302-43CA-4E6E-A79D-D98433B9A5DC} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2749862c9ab6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14] (Google Inc.)

Task: {293D2180-0FC7-49D9-9FEC-ABC3DB65BFFD} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-07] (CL)

Task: {40BF6468-2A2E-4D0E-96BE-3533D72710F7} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

Task: {49FC7892-A602-406F-8ADD-067BE9CCBC18} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-07] (CL)

Task: {574856A6-1573-427E-8B24-A22EB37EE1CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)

Task: {5E768D7F-2181-4777-92F9-F47CA5A2ABF7} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()

Task: {6851D131-C4D4-4D9F-B04A-C861B16850F0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14] (Google Inc.)

Task: {765D0CF7-FCF9-4610-A193-2C4777236F6A} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-06] (CyberLink)

Task: {7953ECC6-9934-4B94-94F7-1753B5112715} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-07] (CL)

Task: {7A23CE85-F6BF-4652-A8C4-0EA24C5C6820} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)

Task: {CF09930E-AA2F-4930-B0B0-26216AB18B81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-14] (Google Inc.)

Task: {D149998C-C7E5-48CA-8B3E-38E3F36DC4CD} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

Task: {D8663C45-DFD2-4FB2-9CB6-A7AE8C3D735D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {E35C178B-B738-47A7-A21F-F2289D33E419} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-07] (CyberLink Corp.)

Task: {E5F60EA5-BCF4-4AFC-8E94-30A5421A35A3} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()

Task: {E8DDA143-8BE5-45E3-B116-F807A6BDE927} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000UA1cf4aaa444517ca => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14] (Google Inc.)

Task: {F478557C-8C2D-4528-AB84-45BFF05AA000} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-04-16] (Microsoft)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2749862c9ab6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208884388-1864371658-2360693057-1000UA1cf4aaa444517ca.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForadmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-04-14 02:42 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll

2014-02-06 22:14 - 2010-07-12 00:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-160\ANIWConnService.exe

2010-01-11 00:34 - 2009-07-06 14:20 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2009-08-25 12:48 - 2009-08-25 12:48 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

2013-04-16 18:45 - 2012-11-08 20:17 - 01717872 _____ () C:\Program Files\Ditto\Ditto.exe

2011-02-23 10:04 - 2011-02-23 10:04 - 00080896 _____ () C:\Program Files\FileBX\FbxRes.dll

2011-02-23 10:09 - 2011-02-23 10:09 - 00007680 _____ () C:\Program Files\FileBX\Fbx32helper.exe

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-02-21 23:26 - 2013-02-21 23:26 - 00013312 _____ () C:\Program Files (x86)\CrashPlan\md5.dll

2014-02-26 13:13 - 2014-02-26 13:13 - 00197120 _____ () C:\Program Files (x86)\CrashPlan\cpnative.dll

2009-10-06 02:08 - 2009-10-06 02:08 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

2014-02-06 22:14 - 2014-02-06 22:14 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-160\ANPDApi.dll

2014-02-06 22:14 - 2010-08-02 00:28 - 00290816 _____ () C:\Program Files (x86)\D-Link\DWA-160\WlanApp.dll

2010-12-11 18:23 - 2010-12-11 18:23 - 00279904 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll

2010-12-11 17:09 - 2010-12-11 17:09 - 00019808 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll

2010-12-11 17:10 - 2010-12-11 17:10 - 00028512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll

2014-03-15 13:39 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-03-15 13:39 - 2014-03-14 19:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll

2014-03-15 13:39 - 2014-03-14 19:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll

2014-03-15 13:39 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll

2014-03-15 13:39 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

2014-03-15 13:39 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

2014-03-15 13:39 - 2014-03-14 19:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 02396179 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 02021395 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00240659 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00036371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00383507 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00118803 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00021011 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00116755 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00189971 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00091667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00067603 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00077331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00074259 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00016403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00023059 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00021523 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00929299 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00144403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libogg_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 01194003 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00675347 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblive555_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libpva_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libau_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00417811 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libgme_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00023059 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libimage_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00524819 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmod_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00127507 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libts_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00037907 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libps_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00034835 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libty_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00016403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00050195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 10396179 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00291859 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00017939 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 01280019 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00336403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00344595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00198675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00027155 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 01371667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00146451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00022035 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00733203 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00026131 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00171027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00724499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00026643 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00555027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00113683 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00053779 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00016915 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00032275 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00020499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00067091 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll

2014-02-04 20:32 - 2014-02-04 20:32 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll

2014-02-04 20:31 - 2014-02-04 20:31 - 01496083 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

Name: Logitech HID-compliant Cordless Mouse

Description: Logitech HID-compliant Cordless Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Logitech

Service: mouhid

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/06/2014 01:33:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 56575073

 

Error: (04/06/2014 01:33:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 56575073

 

Error: (04/06/2014 01:33:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/06/2014 01:33:30 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 56574044

 

Error: (04/06/2014 01:33:30 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 56574044

 

Error: (04/06/2014 01:33:30 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/06/2014 01:33:29 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 56573014

 

Error: (04/06/2014 01:33:29 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 56573014

 

Error: (04/06/2014 01:33:29 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/06/2014 01:33:28 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 56571906

 

 

System errors:

=============

Error: (04/06/2014 01:38:31 PM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)

Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

 

Error: (04/06/2014 01:38:18 PM) (Source: BugCheck) (User: )

Description: 0x0000001e (0xffffffffc0000005, 0xfffff80002e8cbe6, 0x0000000000000000, 0xffffffffffffffff)C:\Windows\MEMORY.DMP040614-18720-01

 

Error: (04/06/2014 01:38:09 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 1:35:26 PM on ‎06/‎04/‎2014 was unexpected.

 

Error: (04/05/2014 07:04:16 PM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)

Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

 

Error: (04/05/2014 07:03:58 PM) (Source: BugCheck) (User: )

Description: 0x0000001e (0xffffffffc0000005, 0xfffff80002ee6be6, 0x0000000000000000, 0xffffffffffffffff)C:\Windows\MEMORY.DMP040514-21793-01

 

Error: (04/05/2014 07:03:51 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 7:02:14 PM on ‎05/‎04/‎2014 was unexpected.

 

Error: (04/04/2014 05:42:18 PM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)

Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

 

Error: (04/03/2014 06:51:39 PM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (04/03/2014 06:50:40 PM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)

Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

 

Error: (04/03/2014 06:27:26 PM) (Source: DCOM) (User: )

Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

 

 

Microsoft Office Sessions:

=========================

Error: (04/06/2014 01:33:31 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 56575073

 

Error: (04/06/2014 01:33:31 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 56575073

 

Error: (04/06/2014 01:33:31 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/06/2014 01:33:30 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 56574044

 

Error: (04/06/2014 01:33:30 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 56574044

 

Error: (04/06/2014 01:33:30 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/06/2014 01:33:29 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 56573014

 

Error: (04/06/2014 01:33:29 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 56573014

 

Error: (04/06/2014 01:33:29 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/06/2014 01:33:28 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 56571906

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 71%

Total physical RAM: 3894.87 MB

Available physical RAM: 1114.4 MB

Total Pagefile: 7787.91 MB

Available Pagefile: 4389.61 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:451.92 GB) (Free:316.86 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:13.54 GB) (Free:1.9 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: E940F807)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


  • Root Admin

You should be able to go in and disable the RootKit scanner from within MBAM for now to stop any BSOD.

 

Let me have you run the following.  

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


  • Root Admin

I'm saying I don't know yet.  I've only seen a few similar errors like this and in most cases the MBAM-CLEAN routine corrected it except for a couple that were infected.

Since you say you've already run the clean removal, that was not a fix for you.

 

If you like you can try again and let me know if there is any change.

 

MBAM Clean Removal Process 2x

 

Thanks


  • Root Admin

Please create a new System Restore Point and then let's go ahead and run the following.
 
Please go into Control Panel, Add/Remove and uninstall ALL versions of JAVA
 
Then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

If at all possible I'd recommend keeping Java off of the system, but if you really have to have it, make sure you have the very latest version at all times.  http://www.java.com
 
Then run the following and restart the computer when done.
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

After the restart please run the following.
 
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 
Thanks



JavaRa 1.16 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Wed Apr 16 09:58:48 2014

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

 

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

 

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

 

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

 

Found and removed: SOFTWARE\Classes\.jar

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

 

Found and removed: SOFTWARE\JavaSoft

 

Found and removed: SOFTWARE\MozillaPlugins

 

------------------------------------

 

Finished reporting.

 

 

 


==================================================================

MiniToolBox by Farbar  Version: 23-01-2014

Ran by admin (administrator) on 16-04-2014 at 10:07:01

Running from "C:\Users\admin\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ============================== 

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ============================== 

 

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

 

127.0.0.1       localhost

 

========================= IP Configuration: ================================

 

Broadcom 43225 802.11b/g/n = Wireless Network Connection (Connected)

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : admin-PC

   Primary Dns Suffix  . . . . . . . : 

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

 

Wireless LAN adapter Wireless Network Connection 2:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter

   Physical Address. . . . . . . . . : C4-17-FE-48-8C-8C

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wireless Network Connection:

 

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Broadcom 43225 802.11b/g/n

   Physical Address. . . . . . . . . : C4-17-FE-48-8C-8C

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : April-16-14 10:04:05 AM

   Lease Expires . . . . . . . . . . : May-23-50 4:35:28 PM

   Default Gateway . . . . . . . . . : 192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DNS Servers . . . . . . . . . . . : 192.168.1.1

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter isatap.{D71AE67F-F496-4716-A418-54B381598CAB}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 11:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft 6to4 Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 9:

 

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:38fa:1c2f:3f57:feeb(Preferred) 

   Link-local IPv6 Address . . . . . : fe80::38fa:1c2f:3f57:feeb%18(Preferred) 

   Default Gateway . . . . . . . . . : ::

   NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter isatap.{919E80E6-15FA-448F-B739-4C406FC832B0}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Server:  Mort

Address:  192.168.1.1

 

Name:    google.com

Addresses:  2607:f8b0:4001:c07::71

 216.123.55.110

 216.123.55.88

 216.123.55.84

 216.123.55.113

 216.123.55.80

 216.123.55.102

 216.123.55.91

 216.123.55.99

 216.123.55.90

 216.123.55.117

 216.123.55.121

 216.123.55.112

 216.123.55.106

 216.123.55.123

 216.123.55.101

 216.123.55.95

 

 

Pinging google.com [216.123.55.95] with 32 bytes of data:

Reply from 216.123.55.95: bytes=32 time=19ms TTL=60

Reply from 216.123.55.95: bytes=32 time=19ms TTL=60

 

Ping statistics for 216.123.55.95:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 19ms, Maximum = 19ms, Average = 19ms

Server:  Mort

Address:  192.168.1.1

 

Name:    yahoo.com

Addresses:  206.190.36.45

 98.139.183.24

 98.138.253.109

 

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=82ms TTL=54

Reply from 98.138.253.109: bytes=32 time=112ms TTL=54

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 82ms, Maximum = 112ms, Average = 97ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 15...c4 17 fe 48 8c 8c ......Microsoft Virtual WiFi Miniport Adapter

 12...c4 17 fe 48 8c 8c ......Broadcom 43225 802.11b/g/n

  1...........................Software Loopback Interface 1

 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

 11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.20     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link      192.168.1.20    281

     192.168.1.20  255.255.255.255         On-link      192.168.1.20    281

    192.168.1.255  255.255.255.255         On-link      192.168.1.20    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link      192.168.1.20    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link      192.168.1.20    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 18     58 ::/0                     On-link

  1    306 ::1/128                  On-link

 18     58 2001::/32                On-link

 18    306 2001:0:9d38:6abd:38fa:1c2f:3f57:feeb/128

                                    On-link

 18    306 fe80::/64                On-link

 18    306 fe80::38fa:1c2f:3f57:feeb/128

                                    On-link

  1    306 ff00::/8                 On-link

 18    306 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (04/16/2014 10:02:53 AM) (Source: Application Error) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: FileBXH.dll_unloaded, version: 0.0.0.0, time stamp: 0x4d652330

Exception code: 0xc000041d

Fault offset: 0x0000000005741610

Faulting process id: 0xb18

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

 

Error: (04/16/2014 09:49:55 AM) (Source: Application Error) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2

Faulting module name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2

Exception code: 0xc0000005

Fault offset: 0x00199a80

Faulting process id: 0xae8

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

 

Error: (04/16/2014 09:49:27 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 42659659

 

Error: (04/16/2014 09:49:27 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 42659659

 

Error: (04/16/2014 09:49:27 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/15/2014 09:27:32 PM) (Source: Application Hang) (User: )

Description: The program mbam.exe version 1.0.0.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 18fc

 

Start Time: 01cf58061e0a409e

 

Termination Time: 200

 

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

 

Report Id: a51a489f-c50e-11e3-9859-c80aa91d320e

 

Error: (04/14/2014 10:00:19 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12169

 

Error: (04/14/2014 10:00:19 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12169

 

Error: (04/14/2014 10:00:19 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/14/2014 10:00:18 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 11170

 

 

System errors:

=============

Error: (04/16/2014 10:04:15 AM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)

Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

 

Error: (04/16/2014 10:01:21 AM) (Source: Service Control Manager) (User: )

Description: The Acronis Nonstop Backup Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/15/2014 09:56:54 PM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (04/15/2014 09:56:07 PM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)

Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

 

Error: (04/15/2014 09:42:15 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (04/15/2014 09:37:55 PM) (Source: Application Popup) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (04/15/2014 09:35:02 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (04/13/2014 03:36:11 PM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)

Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

 

Error: (04/12/2014 06:58:51 PM) (Source: Ntfs) (User: )

Description: The default transaction resource manager on volume U: encountered a non-retryable error and could not start.  The data contains the error code.

 

Error: (04/12/2014 06:24:40 PM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)

Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

 

 

Microsoft Office Sessions:

=========================

Error: (04/16/2014 10:02:53 AM) (Source: Application Error)(User: )

Description: Explorer.EXE6.1.7601.175674d672ee4FileBXH.dll_unloaded0.0.0.04d652330c000041d0000000005741610b1801cf591f5c1f1405C:\Windows\Explorer.EXEFileBXH.dll2ef6e643-c578-11e3-aca0-b98e9a92e779

 

Error: (04/16/2014 09:49:55 AM) (Source: Application Error)(User: )

Description: mbam.exe1.0.0.500533d8de2mbam.exe1.0.0.500533d8de2c000000500199a80ae801cf591f5bf43b40C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe5f65b4a6-c576-11e3-aca0-b98e9a92e779

 

Error: (04/16/2014 09:49:27 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 42659659

 

Error: (04/16/2014 09:49:27 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 42659659

 

Error: (04/16/2014 09:49:27 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/15/2014 09:27:32 PM) (Source: Application Hang)(User: )

Description: mbam.exe1.0.0.50018fc01cf58061e0a409e200C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exea51a489f-c50e-11e3-9859-c80aa91d320e

 

Error: (04/14/2014 10:00:19 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12169

 

Error: (04/14/2014 10:00:19 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12169

 

Error: (04/14/2014 10:00:19 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/14/2014 10:00:18 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 11170

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-04-15 21:37:55.644

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-04-15 21:37:55.566

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

=========================== Installed Programs ============================

 

Acronis True Image Home (Version: 13.0.7154)

Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)

Adobe Flash Player 12 Plugin (Version: 12.0.0.77)

Adobe Shockwave Player (Version: 11.5.1.601)

Adobe Shockwave Player 12.0 (Version: 12.0.3.133)

AirPort (Version: 5.6.1.2)

Akamai NetSession Interface

Apple Application Support (Version: 3.0.1)

Apple Mobile Device Support (Version: 7.1.1.3)

Apple Software Update (Version: 2.1.3.127)

Bonjour (Version: 3.0.0.10)

Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)

Citrix Online Launcher (Version: 1.0.179)

CryptoPrevent v2.5.1

CutePDF Writer 3.0 (Version:  3.0)

CyberLink DVD Suite (Version: 7.0.2216)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Ditto

D-Link DWA-160 

Dropbox (Version: 2.0.8)

DVD Menu Pack for HP MediaSmart Video (Version: 3.1.3224)

Ekahau HeatMapper (Version: 1.1.4.39795)

ENE CIR Receiver Driver (Version: 2.7.4.0)

eReg (Version: 1.20.138.34)

ESET Endpoint Antivirus (Version: 5.0.2214.4)

ESU for Microsoft Windows 7 (Version: 1.0.0)

Everything 1.2.1.371

Fences (Version: 1.0)

FileBox eXtender (Version: 2.1.0)

FinePrint (Version: 6.25)

FlashFXP 4 (Version: 4.4.3.2031)

Foxit Reader (Version: 6.1.2.1224)

GetDataBack Simple (Version: 1.01.000)

Google Chrome (Version: 65.96.32832)

Google Chrome Canary (Version: 36.0.1942.0)

Google Earth Plug-in (Version: 7.1.2.2041)

Google Talk Plugin (Version: 5.2.4.18058)

Google Update Helper (Version: 1.3.23.9)

Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)

HP 3D DriveGuard (Version: 4.0.3.1)

HP Advisor (Version: 3.3.9512.3162)

HP Customer Experience Enhancements (Version: 6.0.1.7)

HP Games (Version: 1.0.0.71)

HP MediaSmart DVD (Version: 3.1.3509)

HP MediaSmart Internet TV (Version: 3.1.2125)

HP MediaSmart Live TV (Version: 3.1.2206)

HP MediaSmart Music/Photo/Video (Version: 3.1.3405)

HP MediaSmart SmartMenu (Version: 3.1.0.1)

HP MediaSmart Software Notebook Demo (Version: 1.00.0000)

HP MediaSmart Webcam (Version: 3.1.2207)

HP Quick Launch Buttons (Version: 6.50.12.1)

HP Setup (Version: 1.2.3560.3170)

HP Smart Web Printing (Version: 131.1.35898)

HP Support Assistant (Version: 7.0.39.15)

HP Update (Version: 5.001.000.014)

HP User Guides 0154 (Version: 1.01.0001)

HP Wireless Assistant (Version: 3.50.9.1)

IDT Audio (Version: 1.0.6276.0)

ImgBurn (Version: 2.5.7.0)

inSSIDer Home (Version: 3.1.2.1)

Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1968)

Intel® Management Engine Components (Version: 6.0.0.1179)

Intel® Matrix Storage Manager

IrfanView (remove only) (Version: 4.35)

iTunes (Version: 11.1.5.5)

Kits Configuration Installer (Version: 8.100.25984)

LabelPrint (Version: 2.5.2215)

LastPass (uninstall only)

LightScribe System Software (Version: 1.18.8.1)

Logitech SetPoint 6.52 (Version: 6.52.74)

Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)

MetroTwit Loop (Version: 1.2.0.0)

Microsoft .NET Framework 4.5 (Version: 4.5.50709)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Visio 2010 (Version: 14.0.7015.1000)

Microsoft Office Visio MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)

Microsoft Silverlight (Version: 5.1.30214.0)

Microsoft Visio Professional 2010 (Version: 14.0.7015.1000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Works (Version: 9.7.0621)

MiniTool Partition Wizard Home Edition 8.1.1

Movie Theme Pack for HP MediaSmart Video (Version: 3.1.3310)

Mozilla Firefox 27.0 (x86 en-US) (Version: 27.0)

Mozilla Maintenance Service (Version: 27.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Notepad++ (Version: 6.3.2)

PDF-Viewer (Version: 2.5.214.1)

Power2Go (Version: 6.0.3415)

PowerDirector (Version: 7.0.3420)

QLBCASL (Version: 6.40.17.2)

Realtek Ethernet Controller  Driver (Version: 1.00.0008)

Realtek USB 2.0 Card Reader (Version: 6.1.7600.30104)

Recovery Manager (Version: 5.5.2214)

Sandboxie 4.08 (64-bit) (Version: 4.08)

SDK Debuggers (Version: 8.100.25984)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

Snapshot (remove only)

StockFinder 5.0 (Version: 5.0)

swMSM (Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 14.0.0.3)

TeamViewer 9 (Version: 9.0.27339)

TrueCrypt (Version: 7.1a)

Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)

Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1)

Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

VLC media player 2.1.2 (Version: 2.1.2)

VNC Free Edition 4.1.3 (Version: 4.1.3)

Windows Software Development Kit EULA (Version: 8.100.25984)

Windows Software Development Kit for Windows 8.1 (Version: 8.100.25984)

WinRAR 4.20 (64-bit) (Version: 4.20.0)

XYplorer 13.90 (Version: 13.90)

 

========================= Devices: ================================

 

Name: Logitech HID-compliant Cordless Mouse

Description: Logitech HID-compliant Cordless Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Logitech

Service: mouhid

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 68%

Total physical RAM: 3894.87 MB

Available physical RAM: 1209.06 MB

Total Pagefile: 7787.91 MB

Available Pagefile: 4317.32 MB

Total Virtual: 4095.88 MB

Available Virtual: 3954.63 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:451.92 GB) (Free:318.46 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:13.54 GB) (Free:1.87 GB) NTFS

3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

 

========================= Users: ========================================

 

User accounts for \\ADMIN-PC

 

admin                    Administrator            Guest                    

 

========================= Minidump Files ==================================

 

No minidump file found

 

 

**** End of log ****

  • Root Admin

You're still having a few services that are crashing including MBAM and Explorer.

 

For now let's go ahead and rule out MBAM.  Please run the clean removal procedure but for now do not reinstall MBAM.

 

MBAM Clean Removal Process 2x

 

Then reboot as requested and run the MiniToolBox again as well as the following.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


 


Farbar Service Scanner Version: 25-02-2014

Ran by admin (administrator) on 16-04-2014 at 12:54:50

Running from "C:\Users\admin\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****


  • Root Admin

Please restart your computer and run the following scans.
 
Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

  • Root Admin

Is this a virtual machine?
 
You're still getting a couple of errors but the time one would appear to probably be due to a virtual machine maybe.
 
==== Event Viewer Messages From Past Week ========
.
4/16/14 3:39:48 PM, Error: Microsoft-Windows-Time-Service [4]  - The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)
4/16/14 10:01:21 AM, Error: Service Control Manager [7034]  - The Acronis Nonstop Backup Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

 

Let's do some checking and get another log please...


» Check Windows System files integrity

  • open the Command Prompt as Administrator. 
  • type the following command and press Enter:
     

        sfc /scannow

 

  • Note: This may take some time to finish.

    If it doesn't say "No integrity violations found" then do this:
  • In the command prompt window, type or Copy & Paste the following:

        findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

  • Close the command prompt.
  • Attach to your post the sfcdetails.txt file that was just placed on your Desktop
  • You can safely delete the sfcdetails.txt file afterwards if you like


» Check some windows critical services...
Download Farbar Service Scanner

  • Run FSS
  • Check all the options
  • click Scan

Post the generated log in your reply.

 


I got the following error when I issued that command: "The following error occurred: The service has not been started. (0x80070426)"

 

I then went into Services GUI and started Windows Time service which is set to Automatic but was not started. Then I issued that same command again. Note I discovered that I have an issue with Windows Time Sync here due to me using my own router on my ISP's supplied Gateway box. Even though my router has been DMZ'd the ISP's Gateway box is blocking NNTP for DMZ'd clients.

 

 

 

C:\Windows\system32>w32tm /query /configuration /verbose
[Configuration]
 
EventLogFlags: 2 (Local)
AnnounceFlags: 10 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 10 (Local)
MaxPollInterval: 15 (Local)
MaxNegPhaseCorrection: 54000 (Local)
MaxPosPhaseCorrection: 54000 (Local)
MaxAllowedPhaseOffset: 1 (Local)
 
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 1 (Local)
UpdateInterval: 360000 (Local)
 
FileLogName:  (Undefined or NotUsed)
FileLogEntries:  (Undefined or NotUsed)
FileLogSize: 0 (Undefined or NotUsed)
FileLogFlags: 0 (Undefined or NotUsed)
 
[TimeProviders]
 
NtpClient (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 0 (Undefined or NotUsed)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 604800 (Local)
Type: NTP (Local)
NtpServer: time-c.nist.gov,0x9 (Local)
 
NtpServer (Local)
DllName: C:\Windows\system32\w32time.DLL (Local)
Enabled: 0 (Local)
InputProvider: 0 (Local)
 
 
C:\Windows\system32>

  • Root Admin

Please run a Full Disk Check on your system drive.  If needed here are some links on how to run a Disk Check.


On Windows 7 the disk check log is in the Event Logs under Application with a heading source of Wininit.


How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 

When done please open the Event Viewer and locate the entry for the disk check and post back the results.


I am doing a chkdsk /r on the C: partition right now after I rebooted and will post back the results. What makes you think that this computer was a virtual computer? I don't follow what chkdsk has to do with a BSOD with MBAM 2.0 that I never experienced with MBAM 1.7.


This topic is now closed to further replies.