windows version installer problem


Hi!

Have not used this Win7 desktop for some time. Did some updates which included a Java plug-in that carried a payload. Used several malware removers, including Malwarebytes. Windows Version Installer keeps popping up. FRST scan resulted in the following:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-08-2014
Ran by ING (administrator) on ING-B351 on 12-08-2014 17:14:23
Running from C:\Users\ING\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\XPgames\freecell.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bigDog305] => C:\Windows\VM305_STI.EXE [61440 2012-08-20] (Vimicro)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3404179652-3976374348-2591870498-1000\...\Run: [Google Update] => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-05] (Google Inc.)
HKU\S-1-5-21-3404179652-3976374348-2591870498-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3404179652-3976374348-2591870498-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-12] (SUPERAntiSpyware)
HKU\S-1-5-21-3404179652-3976374348-2591870498-1000\...\MountPoints2: {f218c740-3324-11e3-adb9-8c89a52c3a25} - I:\TL-Bootstrap.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:13945;https=127.0.0.1:13945
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fscj.edu/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {54522C96-46E9-48EA-82B5-9C1E5A230C31} URL =
SearchScopes: HKCU - {54522C96-46E9-48EA-82B5-9C1E5A230C31} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default
FF Homepage: hxxp://users.hal-pc.org/~lang
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: CostMin - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\0nd-gfgo@flm-bjur.net [2014-08-06]
FF Extension: EPUBReader - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-08]
FF Extension: WebSlingPlayer - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2012-05-09]
FF Extension: NoScript - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-08-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-08-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-05]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-05]
FF HKCU\...\Firefox\Extensions: [{BF3CC464-7D6D-3AB7-38B3-069F211EB58B}] - C:\Program Files (x86)\ver3click-n-mark\176.xpi

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09]
CHR Extension: (Google Drive) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-03]
CHR Extension: (YouTube) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]
CHR Extension: (Google Search) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]
CHR Extension: (RealDownloader) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-21]
CHR Extension: (Skype Click to Call) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-07]
CHR Extension: (Google Wallet) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 HPSLPSVC; C:\Users\ING\AppData\Local\Temp\7zS75FD\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 servervo; C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe [73728 2014-08-06] () [File not signed]
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1605376 2011-07-05] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2008-07-22] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-12] ()
S3 vvftav; C:\Windows\System32\drivers\vvftav.sys [300800 2012-08-20] (Vimicro Corporation)
S3 ZSMC0305; C:\Windows\System32\Drivers\usbVM305.sys [1541120 2012-08-20] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 17:14 - 2014-08-12 17:14 - 00019914 _____ () C:\Users\ING\Downloads\FRST.txt
2014-08-12 17:14 - 2014-08-12 17:14 - 00000000 ____D () C:\FRST
2014-08-12 17:11 - 2014-08-12 17:11 - 02099712 _____ (Farbar) C:\Users\ING\Downloads\FRST64.exe
2014-08-12 15:13 - 2014-08-12 17:01 - 00000000 ____D () C:\Users\ING\AppData\Local\CrashDumps
2014-08-12 14:08 - 2014-08-12 14:15 - 00004063 _____ () C:\Users\ING\Desktop\RKreport_SCN_08122014_140803.log
2014-08-12 14:00 - 2014-08-12 14:00 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-12 14:00 - 2014-08-12 14:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-12 13:58 - 2014-08-12 13:59 - 04817496 _____ () C:\Users\ING\Desktop\RogueKiller.exe
2014-08-12 13:02 - 2014-08-12 13:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\ING\Downloads\mbar-1.07.0.1012.exe
2014-08-09 09:28 - 2014-08-09 12:20 - 00003039 _____ () C:\Users\ING\Documents\hotsauces.txt
2014-08-08 17:03 - 2014-08-12 17:00 - 00000672 _____ () C:\Windows\setupact.log
2014-08-08 17:03 - 2014-08-08 17:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 12:17 - 2014-08-08 12:17 - 00001938 _____ () C:\Users\ING\Documents\cc_20140808_121731.reg
2014-08-07 21:49 - 2014-08-07 21:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\SUPERAntiSpyware.com
2014-08-07 21:48 - 2014-08-12 17:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-07 21:48 - 2014-08-07 21:48 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-07 21:46 - 2014-08-07 21:46 - 18676504 _____ (SUPERAntiSpyware) C:\Users\ING\Downloads\SUPERAntiSpyware (1).exe
2014-08-07 19:36 - 2014-08-07 19:40 - 112030456 _____ (Microsoft Corporation) C:\Users\ING\Downloads\msert.exe
2014-08-06 12:57 - 2014-08-06 12:57 - 00010754 _____ () C:\Users\ING\Documents\cc_20140806_125705.reg
2014-08-06 12:54 - 2014-08-06 12:54 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Oracle
2014-08-06 12:51 - 2014-08-06 12:51 - 00005647 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 12:51 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 12:51 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 12:51 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 12:51 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 12:43 - 2014-08-06 12:43 - 00003814 _____ () C:\Users\ING\Documents\cc_20140806_124301.reg
2014-08-06 12:09 - 2014-08-09 12:34 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-08-06 12:09 - 2014-08-07 12:34 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-08-06 12:09 - 2014-08-06 12:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-08-06 12:09 - 2014-08-06 12:34 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-08-06 12:09 - 2014-08-06 12:34 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-08-06 12:09 - 2014-08-06 12:34 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-08-06 12:09 - 2014-08-06 12:10 - 00000324 _____ () C:\Users\ING\AppData\Roaming\aps.uninstall.scan.results
2014-08-06 12:08 - 2014-08-06 12:08 - 00591056 _____ (ClickMeIn Limited) C:\Users\ING\AppData\Local\nsx1367.tmp
2014-08-06 11:00 - 2014-08-06 12:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 10:59 - 2014-08-06 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\Users\ING\AppData\Local\Packages
2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\ProgramData\858d75a5186e3022
2014-08-06 10:57 - 2014-08-06 10:57 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator
2014-08-06 10:56 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Roaming\VOPackage
2014-08-06 10:56 - 2014-08-06 10:56 - 00000000 ____D () C:\ProgramData\StepAppIt
2014-08-06 10:55 - 2014-08-06 10:56 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-06 10:52 - 2014-08-08 12:04 - 00000000 ____D () C:\Users\ING\AppData\Roaming\device
2014-08-06 10:52 - 2014-08-07 22:09 - 00000000 ____D () C:\Users\ING\AppData\Roaming\serv
2014-08-05 20:41 - 2014-08-05 20:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 16:11 - 2014-08-05 16:11 - 00000000 ____D () C:\kingstonk
2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\Users\ING\Documents\Garmin
2014-08-05 15:44 - 2014-08-05 15:44 - 00000000 ____D () C:\Users\ING\AppData\Local\Garmin
2014-08-05 15:42 - 2014-08-05 15:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Garmin
2014-08-05 15:42 - 2014-08-05 15:42 - 00000000 ____D () C:\Program Files\DIFX
2014-08-05 15:41 - 2014-08-05 15:44 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-05 15:41 - 2014-08-05 15:42 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-05 15:41 - 2014-08-05 15:41 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-05 15:41 - 2014-08-05 15:41 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-08-05 15:41 - 2014-08-05 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-05 15:40 - 2014-08-05 15:42 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 15:35 - 2014-08-05 15:37 - 36347672 _____ (Garmin Ltd or its subsidiaries) C:\Users\ING\Downloads\GarminExpress.exe
2014-08-05 15:06 - 2014-08-05 15:06 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-05 15:06 - 2014-08-05 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-05 15:05 - 2014-08-05 15:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-05 15:05 - 2014-08-05 15:06 - 00000000 ____D () C:\Program Files\iTunes
2014-08-05 15:05 - 2014-08-05 15:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-05 15:05 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 13:22 - 2014-08-04 13:22 - 00032218 _____ () C:\Users\ING\Documents\cc_20140804_132229.reg
2014-08-04 12:10 - 2014-08-12 15:13 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-03 19:42 - 2014-08-03 19:42 - 01383387 _____ () C:\Users\ING\Downloads\myyellowstoneitinerary.zip
2014-08-03 15:06 - 2014-08-12 17:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 15:06 - 2014-08-03 15:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebyte.lnk
2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 15:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 15:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 14:08 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-03 14:08 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-03 14:08 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-03 14:08 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-03 14:08 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-03 14:08 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-03 14:08 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-03 14:08 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-03 14:08 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-03 14:08 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-03 14:08 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-03 14:08 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-03 14:08 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-03 14:08 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-03 14:08 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-03 14:08 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-03 14:08 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-03 14:08 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-03 14:08 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-03 14:08 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-03 14:08 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-03 14:08 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-03 14:08 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-03 14:08 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-03 14:08 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-03 14:08 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-03 14:08 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-03 14:08 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-03 14:08 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-03 14:08 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-03 14:08 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-03 14:08 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-03 14:08 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-03 14:08 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-03 14:08 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-03 14:08 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-03 14:08 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-03 14:08 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-03 14:08 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-03 14:08 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-03 14:08 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-03 14:08 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-03 14:08 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-03 14:08 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-03 14:08 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-03 14:08 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-03 14:08 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-03 14:08 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-03 14:08 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-03 14:08 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-03 14:08 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-03 14:08 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-03 14:08 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-03 14:08 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-03 14:08 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-03 14:08 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-03 14:07 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-03 14:07 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-03 14:07 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-03 14:07 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-03 14:07 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-03 14:07 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-03 14:07 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-03 14:07 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-03 14:07 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-03 14:07 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-03 14:07 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-03 14:07 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-03 14:07 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-03 14:07 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-03 14:07 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-03 14:07 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-03 14:07 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-03 14:07 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-03 14:07 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-03 14:07 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-03 14:07 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-03 14:07 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-03 14:07 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 17:14 - 2014-08-12 17:14 - 00019914 _____ () C:\Users\ING\Downloads\FRST.txt
2014-08-12 17:14 - 2014-08-12 17:14 - 00000000 ____D () C:\FRST
2014-08-12 17:11 - 2014-08-12 17:11 - 02099712 _____ (Farbar) C:\Users\ING\Downloads\FRST64.exe
2014-08-12 17:08 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 17:08 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 17:04 - 2011-09-05 21:18 - 01135824 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 17:01 - 2014-08-12 15:13 - 00000000 ____D () C:\Users\ING\AppData\Local\CrashDumps
2014-08-12 17:01 - 2014-08-07 21:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-12 17:01 - 2014-08-03 15:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 17:01 - 2013-03-21 00:29 - 00003220 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-12 17:01 - 2013-01-03 14:09 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-12 17:00 - 2014-08-08 17:03 - 00000672 _____ () C:\Windows\setupact.log
2014-08-12 17:00 - 2013-12-13 17:54 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 17:00 - 2011-10-19 03:02 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-08-12 17:00 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 15:13 - 2014-08-04 12:10 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-12 15:13 - 2014-05-09 18:00 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-12 14:15 - 2014-08-12 14:08 - 00004063 _____ () C:\Users\ING\Desktop\RKreport_SCN_08122014_140803.log
2014-08-12 14:00 - 2014-08-12 14:00 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-12 14:00 - 2014-08-12 14:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-12 13:59 - 2014-08-12 13:58 - 04817496 _____ () C:\Users\ING\Desktop\RogueKiller.exe
2014-08-12 13:02 - 2014-08-12 13:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\ING\Downloads\mbar-1.07.0.1012.exe
2014-08-12 12:57 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 12:52 - 2012-07-21 18:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 12:30 - 2011-09-05 19:28 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA.job
2014-08-12 12:30 - 2011-09-05 19:28 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core.job
2014-08-12 12:29 - 2013-12-13 17:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 12:06 - 2012-07-24 21:38 - 00000000 ____D () C:\Users\ING\Documents\accts
2014-08-09 12:34 - 2014-08-06 12:09 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-08-09 12:20 - 2014-08-09 09:28 - 00003039 _____ () C:\Users\ING\Documents\hotsauces.txt
2014-08-08 17:03 - 2014-08-08 17:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 12:17 - 2014-08-08 12:17 - 00001938 _____ () C:\Users\ING\Documents\cc_20140808_121731.reg
2014-08-08 12:11 - 2013-04-08 08:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\BitTorrent
2014-08-08 12:04 - 2014-08-06 10:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\device
2014-08-08 10:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-07 22:09 - 2014-08-06 10:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\serv
2014-08-07 21:49 - 2014-08-07 21:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\SUPERAntiSpyware.com
2014-08-07 21:48 - 2014-08-07 21:48 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-07 21:46 - 2014-08-07 21:46 - 18676504 _____ (SUPERAntiSpyware) C:\Users\ING\Downloads\SUPERAntiSpyware (1).exe
2014-08-07 19:40 - 2014-08-07 19:36 - 112030456 _____ (Microsoft Corporation) C:\Users\ING\Downloads\msert.exe
2014-08-07 12:34 - 2014-08-06 12:09 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-08-06 12:57 - 2014-08-06 12:57 - 00010754 _____ () C:\Users\ING\Documents\cc_20140806_125705.reg
2014-08-06 12:54 - 2014-08-06 12:54 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Oracle
2014-08-06 12:54 - 2014-08-06 12:09 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-08-06 12:52 - 2014-08-06 11:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 12:51 - 2014-08-06 12:51 - 00005647 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 12:51 - 2012-07-20 22:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-06 12:47 - 2011-05-05 11:38 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-08-06 12:46 - 2011-12-03 17:55 - 00038194 _____ () C:\Windows\Irremote.ini
2014-08-06 12:46 - 2011-12-03 17:55 - 00000000 ____D () C:\Users\Public\WinTV
2014-08-06 12:43 - 2014-08-06 12:43 - 00003814 _____ () C:\Users\ING\Documents\cc_20140806_124301.reg
2014-08-06 12:38 - 2012-07-29 04:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-06 12:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-08-06 12:34 - 2014-08-06 12:09 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-08-06 12:34 - 2014-08-06 12:09 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-08-06 12:34 - 2014-08-06 12:09 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-08-06 12:10 - 2014-08-06 12:09 - 00000324 _____ () C:\Users\ING\AppData\Roaming\aps.uninstall.scan.results
2014-08-06 12:08 - 2014-08-06 12:08 - 00591056 _____ (ClickMeIn Limited) C:\Users\ING\AppData\Local\nsx1367.tmp
2014-08-06 10:59 - 2014-08-06 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\Users\ING\AppData\Local\Packages
2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\ProgramData\858d75a5186e3022
2014-08-06 10:57 - 2014-08-06 10:57 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator
2014-08-06 10:57 - 2014-08-06 10:56 - 00000000 ____D () C:\Users\ING\AppData\Roaming\VOPackage
2014-08-06 10:57 - 2011-09-05 19:28 - 00000000 ____D () C:\Users\ING\AppData\Local\Google
2014-08-06 10:57 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-06 10:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-06 10:56 - 2014-08-06 10:56 - 00000000 ____D () C:\ProgramData\StepAppIt
2014-08-06 10:56 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-06 06:59 - 2011-09-06 23:14 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Skype
2014-08-05 20:41 - 2014-08-05 20:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 16:11 - 2014-08-05 16:11 - 00000000 ____D () C:\kingstonk
2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\Users\ING\Documents\Garmin
2014-08-05 15:49 - 2014-08-05 15:42 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Garmin
2014-08-05 15:44 - 2014-08-05 15:44 - 00000000 ____D () C:\Users\ING\AppData\Local\Garmin
2014-08-05 15:44 - 2014-08-05 15:41 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-05 15:42 - 2014-08-05 15:42 - 00000000 ____D () C:\Program Files\DIFX
2014-08-05 15:42 - 2014-08-05 15:41 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-05 15:42 - 2014-08-05 15:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 15:41 - 2014-08-05 15:41 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-05 15:41 - 2014-08-05 15:41 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-08-05 15:41 - 2014-08-05 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-05 15:37 - 2014-08-05 15:35 - 36347672 _____ (Garmin Ltd or its subsidiaries) C:\Users\ING\Downloads\GarminExpress.exe
2014-08-05 15:06 - 2014-08-05 15:06 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-05 15:06 - 2014-08-05 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-05 15:06 - 2014-08-05 15:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-05 15:06 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files\iTunes
2014-08-05 15:06 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-05 15:05 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 21:06 - 2011-09-06 23:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-04 21:06 - 2011-09-06 23:14 - 00000000 ____D () C:\ProgramData\Skype
2014-08-04 13:22 - 2014-08-04 13:22 - 00032218 _____ () C:\Users\ING\Documents\cc_20140804_132229.reg
2014-08-04 13:20 - 2012-07-22 07:44 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-04 13:20 - 2012-07-22 07:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-03 19:54 - 2012-07-24 21:41 - 00000000 ____D () C:\Users\ING\Documents\gcumcDocs
2014-08-03 19:42 - 2014-08-03 19:42 - 01383387 _____ () C:\Users\ING\Downloads\myyellowstoneitinerary.zip
2014-08-03 16:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-03 15:06 - 2014-08-03 15:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebyte.lnk
2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 15:06 - 2011-09-05 19:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Malwarebytes
2014-08-03 15:06 - 2011-09-05 19:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 15:06 - 2011-09-05 19:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-03 15:00 - 2009-07-14 00:45 - 00337840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-03 14:59 - 2013-03-21 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-03 14:59 - 2013-03-21 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-03 14:58 - 2014-05-06 14:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-03 14:58 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-03 14:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-03 14:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-03 14:13 - 2013-08-14 23:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-03 14:11 - 2013-03-21 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-03 13:52 - 2012-07-21 18:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-03 13:52 - 2012-07-21 18:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-03 13:52 - 2011-11-05 15:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-03 12:40 - 2011-09-05 19:29 - 00002366 _____ () C:\Users\ING\Desktop\Google Chrome.lnk
2014-08-03 12:25 - 2011-09-05 19:28 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA
2014-08-03 12:25 - 2011-09-05 19:28 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core
2014-08-03 12:24 - 2013-12-13 17:54 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-03 12:24 - 2013-12-13 17:54 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-25 12:55 - 2014-08-06 12:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-06 12:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-06 12:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-06 12:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 09:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2014
Ran by ING at 2014-08-12 17:15:15
Running from C:\Users\ING\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.00 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.1 Help Pack (English (United States)) (HKLM-x32\...\{8A9813D3-562E-49A8-A67F-8FF6616CC699}) (Version: 4.1.5.3 - The Document Foundation)
LibreOffice 4.1.5.3 (HKLM-x32\...\{E77773E5-944A-453F-97F3-46767AE0A253}) (Version: 4.1.5.3 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.50.862.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.50.859.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.50.861.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SlingPlayer (HKLM-x32\...\InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}) (Version: 2.0.4522 - Sling Media)
SlingPlayer (x32 Version: 2.0.4522 - Sling Media) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1128 - SUPERAntiSpyware.com)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
USB PC Camera VC305 (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0305}) (Version: 1.45.060824 - Vimicro Corporation)
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3404179652-3976374348-2591870498-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3404179652-3976374348-2591870498-1000_Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 -> C:\Windows\system32\webcheck.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3404179652-3976374348-2591870498-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

14-05-2014 10:53:32 Windows Update
15-05-2014 18:53:52 Windows Update
01-08-2014 21:12:24 Scheduled Checkpoint
03-08-2014 18:08:56 Windows Update
05-08-2014 19:40:28 Garmin Express
05-08-2014 19:41:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
06-08-2014 14:59:12 Installed Java 7 Update 45
06-08-2014 16:50:37 Installed Java 7 Update 67
07-08-2014 12:24:46 Windows Update
11-08-2014 16:02:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C0AE2CD-4F11-48AF-B4EC-AC9472A037D4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {31D25B00-0DCA-4E52-8844-B862C29CC04A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: {47C2658C-6B56-4EA9-9E11-E537A7B96A95} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {4DB5900A-DBE1-4257-8D24-66BCD657D703} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-03] (Adobe Systems Incorporated)
Task: {59127C13-25A0-4C16-B23E-6794FB448474} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {674793A1-25E4-4E2E-A337-C89CD122B4C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {6AACC4C3-6477-4C5B-A4EF-3C73CE8A1C6A} - System32\Tasks\{72613726-4937-4B5B-8451-608BB51E0CBC} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {72E14497-9524-48B0-879E-6BC2C4F310C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13] (Google Inc.)
Task: {7354FC8F-BB36-4F8B-8057-19AF2CB29B30} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {751895AF-ABF9-4CC0-BCCF-18E2EC1B91BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13] (Google Inc.)
Task: {85CAC0E7-07CA-46BF-9482-DBAA4E5A0CCA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8F70D501-A758-4F14-BDAF-A708E7B5AA96} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A31C68D1-443B-4CAE-A065-4543503DABD1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {ABEEED44-3243-47A7-81F0-09CDD7822978} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D06EBEF7-629D-4D87-A24F-6025FC75CE90} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D570F5DE-C89A-4620-90A1-9A856AECE04C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DB555FB1-5EC3-4689-A7FE-0D2ADA46B099} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E6726401-1AA0-42B5-BF05-35C2B50AE1B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: {E908A772-E8FB-4989-A658-698EAD1B154E} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EC010500-E16B-4EF1-AA68-8F6DE6ACC2F1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core.job => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA.job => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-08-06 10:57 - 2014-08-06 10:57 - 00073728 _____ () C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe
2011-05-05 10:55 - 2011-03-26 15:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-08-05 20:41 - 2014-08-05 20:41 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-03 13:52 - 2014-08-03 13:52 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\ING\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\ING\Downloads\noname.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2014 05:02:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 05:01:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VM305_STI.EXE, version: 4.3.625.61, time stamp: 0x42f311f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00620038
Faulting process id: 0xd0c
Faulting application start time: 0xVM305_STI.EXE0
Faulting application path: VM305_STI.EXE1
Faulting module path: VM305_STI.EXE2
Report Id: VM305_STI.EXE3

Error: (08/12/2014 03:14:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 03:13:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VM305_STI.EXE, version: 4.3.625.61, time stamp: 0x42f311f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00620038
Faulting process id: 0xea8
Faulting application start time: 0xVM305_STI.EXE0
Faulting application path: VM305_STI.EXE1
Faulting module path: VM305_STI.EXE2
Report Id: VM305_STI.EXE3

Error: (08/12/2014 01:54:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 01:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VM305_STI.EXE, version: 4.3.625.61, time stamp: 0x42f311f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00620038
Faulting process id: 0xfe8
Faulting application start time: 0xVM305_STI.EXE0
Faulting application path: VM305_STI.EXE1
Faulting module path: VM305_STI.EXE2
Report Id: VM305_STI.EXE3

Error: (08/12/2014 00:52:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 00:51:26 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Vimicro because of this error.

Program: Vimicro
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (08/12/2014 00:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VM305_STI.EXE, version: 4.3.625.61, time stamp: 0x42f311f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x00620038
Faulting process id: 0xc20
Faulting application start time: 0xVM305_STI.EXE0
Faulting application path: VM305_STI.EXE1
Faulting module path: VM305_STI.EXE2
Report Id: VM305_STI.EXE3

Error: (08/12/2014 09:43:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/12/2014 05:01:47 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (08/12/2014 05:01:47 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (08/12/2014 05:01:47 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (08/12/2014 05:01:47 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (08/12/2014 03:13:17 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (08/12/2014 03:13:17 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (08/12/2014 03:13:17 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (08/12/2014 03:13:17 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (08/12/2014 02:00:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/12/2014 01:53:17 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7


Microsoft Office Sessions:
=========================
Error: (08/12/2014 05:02:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 05:01:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VM305_STI.EXE4.3.625.6142f311f6unknown0.0.0.000000000c000000500620038d0c01cfb670839bfe81C:\Windows\VM305_STI.EXEunknownc9b9eada-2263-11e4-989f-8c89a52c3a25

Error: (08/12/2014 03:14:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 03:13:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VM305_STI.EXE4.3.625.6142f311f6unknown0.0.0.000000000c000000500620038ea801cfb6616cee0c19C:\Windows\VM305_STI.EXEunknownaf112b7d-2254-11e4-a601-8c89a52c3a25

Error: (08/12/2014 01:54:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 01:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VM305_STI.EXE4.3.625.6142f311f6unknown0.0.0.000000000c000000500620038fe801cfb6564168f8ebC:\Windows\VM305_STI.EXEunknown81ede8df-2249-11e4-bb03-8c89a52c3a25

Error: (08/12/2014 00:52:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2014 00:51:26 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Vimicro000000000

Error: (08/12/2014 00:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VM305_STI.EXE4.3.625.6142f311f6unknown0.0.0.000000000c000009600620038c2001cfb64da4db0069C:\Windows\VM305_STI.EXEunknowne5c64b89-2240-11e4-bb07-8c89a52c3a25

Error: (08/12/2014 09:43:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8103.95 MB
Available physical RAM: 5833.61 MB
Total Pagefile: 16206.07 MB
Available Pagefile: 13772.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:833.66 GB) (Free:390.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EB128DA8)

 

 

Please advise.


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Is this a campus computer?


Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Marius,

I did not see the warning about rootkits. Scan produced the following:

GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2014-08-14 07:34:56

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EALX-229BA0 rev.15.01H15 931.51GB

Running: jkuos856.exe; Driver: C:\Users\ING\AppData\Local\Temp\kxrorpow.sys

---- Processes - GMER 2.1 ----

Process C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe (*** suspicious ***) @ C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe [2052](2014- 0000000000290000

Library c:\users\ing\appdata\local\temp\7zs75fd\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3196] (HP Network Devices Support/Hewlett-Packard Co.)(2012-08-06 19:47:25) 0000000180000000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 13769

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\ING\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1

---- EOF - GMER 2.1 ----


Sorry!

GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2014-08-14 07:34:56

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EALX-229BA0 rev.15.01H15 931.51GB

Running: jkuos856.exe; Driver: C:\Users\ING\AppData\Local\Temp\kxrorpow.sys

---- Processes - GMER 2.1 ----

Process C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe (*** suspicious ***) @ C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe [2052](2014- 0000000000290000

Library c:\users\ing\appdata\local\temp\7zs75fd\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3196] (HP Network Devices Support/Hewlett-Packard Co.)(2012-08-06 19:47:25) 0000000180000000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 13769

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\ING\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1

---- EOF - GMER 2.1 ----


Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.



  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.


It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Marius,

 

When I booted up the system it offered a choice of repair or normal startup. I chose repair and then it asked if I wanted to specify a restore point. I declined and it went on to repair and has taken at least five minutes now. I tried to Cancel and it said the repair cannot be canceled.

 

What next? Unplug the power cord?


It finally finished and reported that Startup Repair cannot repair automatically and offered to send or not send report.

 

Details:

Startup Repair online

Signature 1:  6.1.7600,16385
          2:  6.1.7600
          3:  Unknown
          4:  357
          5:  AutoFailover
          6:  1
          7:  NoRootCause

OS Version:  6.1.7601.2.1.0.256.1

Locale ID:     1033


I could boot up and went to the Command Prompt window. I did not see the Disclaimer and went ahead to scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014 01
Ran by SYSTEM on MININT-VH5OOAE on 14-08-2014 10:42:11
Running from J:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bigDog305] => C:\Windows\VM305_STI.EXE [61440 2012-08-20] (Vimicro)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\ING\...\Run: [Google Update] => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-05] (Google Inc.)
HKU\ING\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\ING\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-12] (SUPERAntiSpyware)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
S2 HPSLPSVC; C:\Users\ING\AppData\Local\Temp\7zS75FD\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 servervo; C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe [73728 2014-08-06] ()
S2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1605376 2011-07-05] (Hauppauge Computer Works, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-24] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2008-07-22] (Realtek Semiconductor Corporation                           )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-12] ()
S3 vvftav; C:\Windows\System32\drivers\vvftav.sys [300800 2012-08-20] (Vimicro Corporation)
S3 ZSMC0305; C:\Windows\System32\Drivers\usbVM305.sys [1541120 2012-08-20] (Vimicro Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-14 03:46 - 2014-08-14 03:46 - 588518084 _____ () C:\Windows\MEMORY.DMP
2014-08-14 03:34 - 2014-08-14 03:34 - 00001224 _____ () C:\Users\ING\Documents\ark.txt
2014-08-14 03:26 - 2014-08-14 03:27 - 00380416 _____ () C:\Users\ING\Downloads\jkuos856.exe
2014-08-12 13:15 - 2014-08-12 13:15 - 00031937 _____ () C:\Users\ING\Downloads\Addition.txt
2014-08-12 13:14 - 2014-08-14 10:42 - 00000000 ____D () C:\FRST
2014-08-12 13:14 - 2014-08-12 13:15 - 00055934 _____ () C:\Users\ING\Downloads\FRST.txt
2014-08-12 13:11 - 2014-08-12 13:11 - 02099712 _____ (Farbar) C:\Users\ING\Downloads\FRST64.exe
2014-08-12 11:13 - 2014-08-14 03:14 - 00000000 ____D () C:\Users\ING\AppData\Local\CrashDumps
2014-08-12 10:00 - 2014-08-12 10:00 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-12 10:00 - 2014-08-12 10:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-12 09:58 - 2014-08-12 09:59 - 04817496 _____ () C:\Users\ING\Desktop\RogueKiller.exe
2014-08-12 09:02 - 2014-08-12 09:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\ING\Downloads\mbar-1.07.0.1012.exe
2014-08-09 05:28 - 2014-08-09 08:20 - 00003039 _____ () C:\Users\ING\Documents\hotsauces.txt
2014-08-08 13:03 - 2014-08-14 03:13 - 00000840 _____ () C:\Windows\setupact.log
2014-08-08 13:03 - 2014-08-08 13:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 08:17 - 2014-08-08 08:17 - 00001938 _____ () C:\Users\ING\Documents\cc_20140808_121731.reg
2014-08-07 17:49 - 2014-08-07 17:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\SUPERAntiSpyware.com
2014-08-07 17:48 - 2014-08-14 03:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-07 17:48 - 2014-08-07 17:48 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-07 17:48 - 2014-08-07 17:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-07 17:46 - 2014-08-07 17:46 - 18676504 _____ (SUPERAntiSpyware) C:\Users\ING\Downloads\SUPERAntiSpyware (1).exe
2014-08-07 15:36 - 2014-08-07 15:40 - 112030456 _____ (Microsoft Corporation) C:\Users\ING\Downloads\msert.exe
2014-08-06 08:57 - 2014-08-06 08:57 - 00010754 _____ () C:\Users\ING\Documents\cc_20140806_125705.reg
2014-08-06 08:54 - 2014-08-06 08:54 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Oracle
2014-08-06 08:51 - 2014-08-06 08:51 - 00005647 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 08:51 - 2014-07-25 08:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 08:51 - 2014-07-25 08:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 08:51 - 2014-07-25 08:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 08:51 - 2014-07-25 08:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 08:43 - 2014-08-06 08:43 - 00003814 _____ () C:\Users\ING\Documents\cc_20140806_124301.reg
2014-08-06 08:09 - 2014-08-09 08:34 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-08-06 08:09 - 2014-08-07 08:34 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-08-06 08:09 - 2014-08-06 08:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-08-06 08:09 - 2014-08-06 08:34 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-08-06 08:09 - 2014-08-06 08:34 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-08-06 08:09 - 2014-08-06 08:34 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-08-06 08:09 - 2014-08-06 08:10 - 00000324 _____ () C:\Users\ING\AppData\Roaming\aps.uninstall.scan.results
2014-08-06 08:08 - 2014-08-06 08:08 - 00591056 _____ (ClickMeIn Limited) C:\Users\ING\AppData\Local\nsx1367.tmp
2014-08-06 07:00 - 2014-08-06 08:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 06:58 - 2014-08-06 06:58 - 00000000 ____D () C:\Users\ING\AppData\Local\Packages
2014-08-06 06:58 - 2014-08-06 06:58 - 00000000 ____D () C:\ProgramData\858d75a5186e3022
2014-08-06 06:57 - 2014-08-06 06:57 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Torch
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Comodo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Chromatic Browser
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\users\HomeGroupUser$
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Torch
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Google
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Comodo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Chromatic Browser
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\users\Choo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\users\Administrator
2014-08-06 06:56 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\ING\AppData\Roaming\VOPackage
2014-08-06 06:56 - 2014-08-06 06:56 - 00000000 ____D () C:\ProgramData\StepAppIt
2014-08-06 06:55 - 2014-08-06 06:56 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-06 06:52 - 2014-08-08 08:04 - 00000000 ____D () C:\Users\ING\AppData\Roaming\device
2014-08-06 06:52 - 2014-08-07 18:09 - 00000000 ____D () C:\Users\ING\AppData\Roaming\serv
2014-08-05 16:41 - 2014-08-05 16:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 12:11 - 2014-08-05 12:11 - 00000000 ____D () C:\kingstonk
2014-08-05 11:50 - 2014-08-05 11:50 - 00000000 ____D () C:\Users\ING\Documents\Garmin
2014-08-05 11:44 - 2014-08-05 11:44 - 00000000 ____D () C:\Users\ING\AppData\Local\Garmin
2014-08-05 11:42 - 2014-08-05 11:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Garmin
2014-08-05 11:42 - 2014-08-05 11:42 - 00000000 ____D () C:\Program Files\DIFX
2014-08-05 11:41 - 2014-08-05 11:44 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-05 11:41 - 2014-08-05 11:42 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-05 11:41 - 2014-08-05 11:41 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-05 11:41 - 2014-08-05 11:41 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-08-05 11:40 - 2014-08-05 11:42 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 11:35 - 2014-08-05 11:37 - 36347672 _____ (Garmin Ltd or its subsidiaries) C:\Users\ING\Downloads\GarminExpress.exe
2014-08-05 11:06 - 2014-08-05 11:06 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-05 11:05 - 2014-08-05 11:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-05 11:05 - 2014-08-05 11:06 - 00000000 ____D () C:\Program Files\iTunes
2014-08-05 11:05 - 2014-08-05 11:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-05 11:05 - 2014-08-05 11:05 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 09:22 - 2014-08-04 09:22 - 00032218 _____ () C:\Users\ING\Documents\cc_20140804_132229.reg
2014-08-04 08:10 - 2014-08-12 11:13 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-03 15:42 - 2014-08-03 15:42 - 01383387 _____ () C:\Users\ING\Downloads\myyellowstoneitinerary.zip
2014-08-03 11:06 - 2014-08-14 03:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-03 11:06 - 2014-08-03 11:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebyte.lnk
2014-08-03 11:06 - 2014-08-03 11:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 11:06 - 2014-05-12 03:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-03 11:06 - 2014-05-12 03:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-08-03 10:08 - 2014-06-20 12:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-03 10:08 - 2014-06-20 11:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-03 10:08 - 2014-06-18 17:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-03 10:08 - 2014-06-18 17:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-03 10:08 - 2014-06-18 17:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-03 10:08 - 2014-06-18 16:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-03 10:08 - 2014-06-18 16:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-03 10:08 - 2014-06-18 16:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-03 10:08 - 2014-06-18 16:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-03 10:08 - 2014-06-18 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-03 10:08 - 2014-06-18 16:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-03 10:08 - 2014-06-18 16:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-03 10:08 - 2014-06-18 16:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-03 10:08 - 2014-06-18 16:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-03 10:08 - 2014-06-18 16:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-03 10:08 - 2014-06-18 16:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-03 10:08 - 2014-06-18 16:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-03 10:08 - 2014-06-18 16:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-03 10:08 - 2014-06-18 16:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-03 10:08 - 2014-06-18 15:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-03 10:08 - 2014-06-18 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-03 10:08 - 2014-06-18 15:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-03 10:08 - 2014-06-18 15:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-03 10:08 - 2014-06-18 15:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-03 10:08 - 2014-06-18 15:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-03 10:08 - 2014-06-18 15:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-03 10:08 - 2014-06-18 15:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-03 10:08 - 2014-06-18 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-03 10:08 - 2014-06-18 15:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-03 10:08 - 2014-06-18 15:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-03 10:08 - 2014-06-18 15:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-03 10:08 - 2014-06-18 15:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-03 10:08 - 2014-06-18 15:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-03 10:08 - 2014-06-18 15:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-03 10:08 - 2014-06-18 15:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-03 10:08 - 2014-06-18 15:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-03 10:08 - 2014-06-18 15:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-03 10:08 - 2014-06-18 15:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-03 10:08 - 2014-06-18 15:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-03 10:08 - 2014-06-18 15:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-03 10:08 - 2014-06-18 15:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-03 10:08 - 2014-06-18 15:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-03 10:08 - 2014-06-18 14:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-03 10:08 - 2014-06-18 14:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-03 10:08 - 2014-06-18 14:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-03 10:08 - 2014-06-18 14:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-03 10:08 - 2014-06-18 14:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-03 10:08 - 2014-06-18 14:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-03 10:08 - 2014-06-18 14:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-03 10:08 - 2014-06-18 14:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-03 10:08 - 2014-06-18 14:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-03 10:08 - 2014-06-18 14:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-03 10:08 - 2014-06-18 14:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-03 10:08 - 2014-06-18 14:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-03 10:08 - 2014-06-18 14:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-03 10:08 - 2014-06-18 14:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-03 10:07 - 2014-06-29 18:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-03 10:07 - 2014-06-29 18:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-03 10:07 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-08-03 10:07 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-03 10:07 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-03 10:07 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-08-03 10:07 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-03 10:07 - 2014-06-05 06:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-08-03 10:07 - 2014-06-05 06:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-03 10:07 - 2014-06-05 06:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-03 10:07 - 2014-05-30 00:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-08-03 10:07 - 2014-05-30 00:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-08-03 10:07 - 2014-05-30 00:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-08-03 10:07 - 2014-05-30 00:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-08-03 10:07 - 2014-05-30 00:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-08-03 10:07 - 2014-05-30 00:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-08-03 10:07 - 2014-05-30 00:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-08-03 10:07 - 2014-05-29 23:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-03 10:07 - 2014-05-29 23:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-03 10:07 - 2014-05-29 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-03 10:07 - 2014-05-29 23:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-03 10:07 - 2014-05-29 23:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-03 10:07 - 2014-05-29 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-03 10:07 - 2014-05-29 23:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-03 10:07 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-08-03 10:07 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2014-08-03 10:07 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-03 10:07 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-08-03 10:07 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-08-03 10:07 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-08-03 10:07 - 2014-03-26 06:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-08-03 10:07 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2014-08-03 10:07 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-08-03 10:07 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-03 10:07 - 2014-03-26 06:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-03 10:07 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-03 10:07 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-14 10:42 - 2014-08-12 13:14 - 00000000 ____D () C:\FRST
2014-08-14 03:46 - 2014-08-14 03:46 - 588518084 _____ () C:\Windows\MEMORY.DMP
2014-08-14 03:34 - 2014-08-14 03:34 - 00001224 _____ () C:\Users\ING\Documents\ark.txt
2014-08-14 03:30 - 2011-09-05 15:28 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA.job
2014-08-14 03:29 - 2013-12-13 13:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 03:27 - 2014-08-14 03:26 - 00380416 _____ () C:\Users\ING\Downloads\jkuos856.exe
2014-08-14 03:25 - 2011-09-05 17:18 - 01378770 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 03:21 - 2009-07-13 20:45 - 00016976 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 03:21 - 2009-07-13 20:45 - 00016976 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 03:14 - 2014-08-12 11:13 - 00000000 ____D () C:\Users\ING\AppData\Local\CrashDumps
2014-08-14 03:14 - 2014-08-07 17:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-14 03:14 - 2014-08-03 11:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-14 03:14 - 2013-12-13 13:54 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 03:14 - 2013-03-20 20:29 - 00003220 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-14 03:14 - 2013-01-03 10:09 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-14 03:13 - 2014-08-08 13:03 - 00000840 _____ () C:\Windows\setupact.log
2014-08-14 03:13 - 2011-10-18 23:02 - 00000000 _____ () C:\Windows\System32\Drivers\lvuvc.hs
2014-08-14 03:13 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 05:52 - 2012-07-21 14:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 13:15 - 2014-08-12 13:15 - 00031937 _____ () C:\Users\ING\Downloads\Addition.txt
2014-08-12 13:15 - 2014-08-12 13:14 - 00055934 _____ () C:\Users\ING\Downloads\FRST.txt
2014-08-12 13:11 - 2014-08-12 13:11 - 02099712 _____ (Farbar) C:\Users\ING\Downloads\FRST64.exe
2014-08-12 11:13 - 2014-08-04 08:10 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-12 11:13 - 2014-05-09 14:00 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-12 10:00 - 2014-08-12 10:00 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-12 10:00 - 2014-08-12 10:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-12 09:59 - 2014-08-12 09:58 - 04817496 _____ () C:\Users\ING\Desktop\RogueKiller.exe
2014-08-12 09:02 - 2014-08-12 09:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\ING\Downloads\mbar-1.07.0.1012.exe
2014-08-12 08:57 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-12 08:30 - 2011-09-05 15:28 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core.job
2014-08-11 08:06 - 2012-07-24 17:38 - 00000000 ____D () C:\Users\ING\Documents\accts
2014-08-09 08:34 - 2014-08-06 08:09 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-08-09 08:20 - 2014-08-09 05:28 - 00003039 _____ () C:\Users\ING\Documents\hotsauces.txt
2014-08-08 13:03 - 2014-08-08 13:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 08:17 - 2014-08-08 08:17 - 00001938 _____ () C:\Users\ING\Documents\cc_20140808_121731.reg
2014-08-08 08:11 - 2013-04-08 04:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\BitTorrent
2014-08-08 08:04 - 2014-08-06 06:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\device
2014-08-08 06:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-08-07 18:09 - 2014-08-06 06:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\serv
2014-08-07 17:49 - 2014-08-07 17:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\SUPERAntiSpyware.com
2014-08-07 17:48 - 2014-08-07 17:48 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-07 17:48 - 2014-08-07 17:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-07 17:46 - 2014-08-07 17:46 - 18676504 _____ (SUPERAntiSpyware) C:\Users\ING\Downloads\SUPERAntiSpyware (1).exe
2014-08-07 15:40 - 2014-08-07 15:36 - 112030456 _____ (Microsoft Corporation) C:\Users\ING\Downloads\msert.exe
2014-08-07 08:34 - 2014-08-06 08:09 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-08-06 08:57 - 2014-08-06 08:57 - 00010754 _____ () C:\Users\ING\Documents\cc_20140806_125705.reg
2014-08-06 08:54 - 2014-08-06 08:54 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Oracle
2014-08-06 08:54 - 2014-08-06 08:09 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-08-06 08:52 - 2014-08-06 07:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 08:51 - 2014-08-06 08:51 - 00005647 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 08:51 - 2012-07-20 18:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-06 08:47 - 2011-05-05 07:38 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-08-06 08:46 - 2011-12-03 13:55 - 00038194 _____ () C:\Windows\Irremote.ini
2014-08-06 08:46 - 2011-12-03 13:55 - 00000000 ____D () C:\Users\Public\WinTV
2014-08-06 08:43 - 2014-08-06 08:43 - 00003814 _____ () C:\Users\ING\Documents\cc_20140806_124301.reg
2014-08-06 08:38 - 2012-07-29 00:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-06 08:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\security
2014-08-06 08:34 - 2014-08-06 08:09 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-08-06 08:34 - 2014-08-06 08:09 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-08-06 08:34 - 2014-08-06 08:09 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-08-06 08:10 - 2014-08-06 08:09 - 00000324 _____ () C:\Users\ING\AppData\Roaming\aps.uninstall.scan.results
2014-08-06 08:08 - 2014-08-06 08:08 - 00591056 _____ (ClickMeIn Limited) C:\Users\ING\AppData\Local\nsx1367.tmp
2014-08-06 06:58 - 2014-08-06 06:58 - 00000000 ____D () C:\Users\ING\AppData\Local\Packages
2014-08-06 06:58 - 2014-08-06 06:58 - 00000000 ____D () C:\ProgramData\858d75a5186e3022
2014-08-06 06:57 - 2014-08-06 06:57 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Torch
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Comodo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Chromatic Browser
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\users\HomeGroupUser$
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Torch
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Google
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Comodo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Chromatic Browser
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\users\Choo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-06 06:57 - 2014-08-06 06:57 - 00000000 ____D () C:\users\Administrator
2014-08-06 06:57 - 2014-08-06 06:56 - 00000000 ____D () C:\Users\ING\AppData\Roaming\VOPackage
2014-08-06 06:57 - 2011-09-05 15:28 - 00000000 ____D () C:\Users\ING\AppData\Local\Google
2014-08-06 06:57 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2014-08-06 06:57 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-06 06:56 - 2014-08-06 06:56 - 00000000 ____D () C:\ProgramData\StepAppIt
2014-08-06 06:56 - 2014-08-06 06:55 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-06 02:59 - 2011-09-06 19:14 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Skype
2014-08-05 16:41 - 2014-08-05 16:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 12:11 - 2014-08-05 12:11 - 00000000 ____D () C:\kingstonk
2014-08-05 11:50 - 2014-08-05 11:50 - 00000000 ____D () C:\Users\ING\Documents\Garmin
2014-08-05 11:49 - 2014-08-05 11:42 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Garmin
2014-08-05 11:44 - 2014-08-05 11:44 - 00000000 ____D () C:\Users\ING\AppData\Local\Garmin
2014-08-05 11:44 - 2014-08-05 11:41 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-05 11:42 - 2014-08-05 11:42 - 00000000 ____D () C:\Program Files\DIFX
2014-08-05 11:42 - 2014-08-05 11:41 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-05 11:42 - 2014-08-05 11:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 11:41 - 2014-08-05 11:41 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-05 11:41 - 2014-08-05 11:41 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-08-05 11:37 - 2014-08-05 11:35 - 36347672 _____ (Garmin Ltd or its subsidiaries) C:\Users\ING\Downloads\GarminExpress.exe
2014-08-05 11:06 - 2014-08-05 11:06 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-05 11:06 - 2014-08-05 11:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-05 11:06 - 2014-08-05 11:05 - 00000000 ____D () C:\Program Files\iTunes
2014-08-05 11:06 - 2014-08-05 11:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-05 11:05 - 2014-08-05 11:05 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 17:06 - 2011-09-06 19:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-04 17:06 - 2011-09-06 19:14 - 00000000 ____D () C:\ProgramData\Skype
2014-08-04 09:22 - 2014-08-04 09:22 - 00032218 _____ () C:\Users\ING\Documents\cc_20140804_132229.reg
2014-08-04 09:20 - 2012-07-22 03:44 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-04 09:20 - 2012-07-22 03:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-03 15:54 - 2012-07-24 17:41 - 00000000 ____D () C:\Users\ING\Documents\gcumcDocs
2014-08-03 15:42 - 2014-08-03 15:42 - 01383387 _____ () C:\Users\ING\Downloads\myyellowstoneitinerary.zip
2014-08-03 12:08 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-08-03 11:06 - 2014-08-03 11:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebyte.lnk
2014-08-03 11:06 - 2014-08-03 11:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 11:06 - 2011-09-05 15:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Malwarebytes
2014-08-03 11:06 - 2011-09-05 15:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 11:06 - 2011-09-05 15:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-03 11:00 - 2009-07-13 20:45 - 00337840 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-03 10:59 - 2013-03-20 23:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-03 10:59 - 2013-03-20 23:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-03 10:58 - 2014-05-06 10:47 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-03 10:58 - 2010-11-20 23:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-03 10:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-03 10:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-08-03 10:13 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-03 09:52 - 2012-07-21 14:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-03 09:52 - 2012-07-21 14:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-03 09:52 - 2011-11-05 11:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-03 08:40 - 2011-09-05 15:29 - 00002366 _____ () C:\Users\ING\Desktop\Google Chrome.lnk
2014-08-03 08:25 - 2011-09-05 15:28 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA
2014-08-03 08:25 - 2011-09-05 15:28 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core
2014-08-03 08:24 - 2013-12-13 13:54 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-03 08:24 - 2013-12-13 13:54 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-25 08:55 - 2014-08-06 08:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 08:49 - 2014-08-06 08:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 08:49 - 2014-08-06 08:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 08:49 - 2014-08-06 08:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-05-14 02:53:45
Restore point made on: 2014-05-15 10:54:07
Restore point made on: 2014-08-01 13:12:35
Restore point made on: 2014-08-03 10:09:09
Restore point made on: 2014-08-05 11:40:41
Restore point made on: 2014-08-05 11:41:11
Restore point made on: 2014-08-06 06:59:24
Restore point made on: 2014-08-06 08:50:47
Restore point made on: 2014-08-07 04:24:57
Restore point made on: 2014-08-11 08:02:29
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8103.95 MB
Available physical RAM: 7283.03 MB
Total Pagefile: 8102.14 MB
Available Pagefile: 7278.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:833.66 GB) (Free:389.41 GB) NTFS
Drive j: (SLAX) (Removable) (Total:3.73 GB) (Free:0.53 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System) (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EB128DA8)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=834 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=05)
 
========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-08-07 05:34
 
==================== End Of Log ============================

I know! :)

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Marius,

Thanks again for your attention.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014

Ran by ING (administrator) on ING-B351 on 15-08-2014 07:23:04

Running from C:\Users\ING\Desktop

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://nmd.msn.com

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - DefaultScope {54522C96-46E9-48EA-82B5-9C1E5A230C31} URL =

SearchScopes: HKCU - {54522C96-46E9-48EA-82B5-9C1E5A230C31} URL =

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:

========

FF ProfilePath: C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default

FF Homepage: hxxp://users.hal-pc.org/~lang

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF user.js: detected! => C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\user.js

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)

FF Extension: CostMin - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\0nd-gfgo@flm-bjur.net [2014-08-06]

FF Extension: EPUBReader - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-08]

FF Extension: WebSlingPlayer - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2012-05-09]

FF Extension: NoScript - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-22]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-05]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-08-05]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-08-05]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-05]

FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-05]

FF HKCU\...\Firefox\Extensions: [{BF3CC464-7D6D-3AB7-38B3-069F211EB58B}] - C:\Program Files (x86)\ver3click-n-mark\176.xpi

Chrome:

=======

CHR Extension: (Google Docs) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09]

CHR Extension: (Google Drive) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-03]

CHR Extension: (YouTube) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]

CHR Extension: (Google Search) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]

CHR Extension: (RealDownloader) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-21]

CHR Extension: (Skype Click to Call) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-07]

CHR Extension: (Google Wallet) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]

CHR Extension: (Gmail) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)

R2 HPSLPSVC; C:\Users\ING\AppData\Local\Temp\7zS75FD\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

R2 servervo; C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe [73728 2014-08-06] () [File not signed]

R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1605376 2011-07-05] (Hauppauge Computer Works, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-15] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2008-07-22] (Realtek Semiconductor Corporation )

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-12] ()

S3 vvftav; C:\Windows\System32\drivers\vvftav.sys [300800 2012-08-20] (Vimicro Corporation)

S3 ZSMC0305; C:\Windows\System32\Drivers\usbVM305.sys [1541120 2012-08-20] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 07:23 - 2014-08-15 07:23 - 00019704 _____ () C:\Users\ING\Desktop\FRST.txt

2014-08-15 07:21 - 2014-08-15 07:21 - 02100224 _____ (Farbar) C:\Users\ING\Desktop\FRST64(1).exe

2014-08-14 07:46 - 2014-08-14 07:46 - 588518084 _____ () C:\Windows\MEMORY.DMP

2014-08-14 07:34 - 2014-08-14 07:34 - 00001224 _____ () C:\Users\ING\Documents\ark.txt

2014-08-14 07:26 - 2014-08-14 07:27 - 00380416 _____ () C:\Users\ING\Downloads\jkuos856.exe

2014-08-12 17:15 - 2014-08-12 17:15 - 00031937 _____ () C:\Users\ING\Downloads\Addition.txt

2014-08-12 17:14 - 2014-08-15 07:23 - 00000000 ____D () C:\FRST

2014-08-12 17:14 - 2014-08-12 17:15 - 00055934 _____ () C:\Users\ING\Downloads\FRST.txt

2014-08-12 17:11 - 2014-08-12 17:11 - 02099712 _____ (Farbar) C:\Users\ING\Downloads\FRST64.exe

2014-08-12 15:13 - 2014-08-15 07:20 - 00000000 ____D () C:\Users\ING\AppData\Local\CrashDumps

2014-08-12 14:00 - 2014-08-12 14:00 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

2014-08-12 14:00 - 2014-08-12 14:00 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-08-12 13:58 - 2014-08-12 13:59 - 04817496 _____ () C:\Users\ING\Desktop\RogueKiller.exe

2014-08-12 13:02 - 2014-08-12 13:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\ING\Downloads\mbar-1.07.0.1012.exe

2014-08-09 09:28 - 2014-08-09 12:20 - 00003039 _____ () C:\Users\ING\Documents\hotsauces.txt

2014-08-08 17:03 - 2014-08-15 07:17 - 00001008 _____ () C:\Windows\setupact.log

2014-08-08 17:03 - 2014-08-08 17:03 - 00000000 _____ () C:\Windows\setuperr.log

2014-08-08 12:17 - 2014-08-08 12:17 - 00001938 _____ () C:\Users\ING\Documents\cc_20140808_121731.reg

2014-08-07 21:49 - 2014-08-07 21:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\SUPERAntiSpyware.com

2014-08-07 21:48 - 2014-08-15 07:19 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-08-07 21:48 - 2014-08-07 21:48 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2014-08-07 21:46 - 2014-08-07 21:46 - 18676504 _____ (SUPERAntiSpyware) C:\Users\ING\Downloads\SUPERAntiSpyware (1).exe

2014-08-07 19:36 - 2014-08-07 19:40 - 112030456 _____ (Microsoft Corporation) C:\Users\ING\Downloads\msert.exe

2014-08-06 12:57 - 2014-08-06 12:57 - 00010754 _____ () C:\Users\ING\Documents\cc_20140806_125705.reg

2014-08-06 12:54 - 2014-08-06 12:54 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Oracle

2014-08-06 12:51 - 2014-08-06 12:51 - 00005647 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log

2014-08-06 12:51 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-08-06 12:51 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-08-06 12:51 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-08-06 12:51 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-08-06 12:43 - 2014-08-06 12:43 - 00003814 _____ () C:\Users\ING\Documents\cc_20140806_124301.reg

2014-08-06 12:09 - 2014-08-09 12:34 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job

2014-08-06 12:09 - 2014-08-07 12:34 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job

2014-08-06 12:09 - 2014-08-06 12:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job

2014-08-06 12:09 - 2014-08-06 12:34 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP1

2014-08-06 12:09 - 2014-08-06 12:34 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP3

2014-08-06 12:09 - 2014-08-06 12:34 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP2

2014-08-06 12:09 - 2014-08-06 12:10 - 00000324 _____ () C:\Users\ING\AppData\Roaming\aps.uninstall.scan.results

2014-08-06 12:08 - 2014-08-06 12:08 - 00591056 _____ (ClickMeIn Limited) C:\Users\ING\AppData\Local\nsx1367.tmp

2014-08-06 11:00 - 2014-08-06 12:52 - 00000000 ____D () C:\ProgramData\Oracle

2014-08-06 10:59 - 2014-08-06 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\Users\ING\AppData\Local\Packages

2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\ProgramData\858d75a5186e3022

2014-08-06 10:57 - 2014-08-06 10:57 - 00000464 __RSH () C:\ProgramData\ntuser.pol

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Torch

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Comodo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Chromatic Browser

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Torch

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Google

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Comodo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Chromatic Browser

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator

2014-08-06 10:56 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Roaming\VOPackage

2014-08-06 10:56 - 2014-08-06 10:56 - 00000000 ____D () C:\ProgramData\StepAppIt

2014-08-06 10:55 - 2014-08-06 10:56 - 00000000 ____D () C:\ProgramData\InstallMate

2014-08-06 10:52 - 2014-08-08 12:04 - 00000000 ____D () C:\Users\ING\AppData\Roaming\device

2014-08-06 10:52 - 2014-08-07 22:09 - 00000000 ____D () C:\Users\ING\AppData\Roaming\serv

2014-08-05 20:41 - 2014-08-05 20:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-05 16:11 - 2014-08-05 16:11 - 00000000 ____D () C:\kingstonk

2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\Users\ING\Documents\Garmin

2014-08-05 15:44 - 2014-08-05 15:44 - 00000000 ____D () C:\Users\ING\AppData\Local\Garmin

2014-08-05 15:42 - 2014-08-05 15:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Garmin

2014-08-05 15:42 - 2014-08-05 15:42 - 00000000 ____D () C:\Program Files\DIFX

2014-08-05 15:41 - 2014-08-05 15:44 - 00000000 ____D () C:\ProgramData\Garmin

2014-08-05 15:41 - 2014-08-05 15:42 - 00000000 ____D () C:\Program Files (x86)\Garmin

2014-08-05 15:41 - 2014-08-05 15:41 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask

2014-08-05 15:41 - 2014-08-05 15:41 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk

2014-08-05 15:41 - 2014-08-05 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2014-08-05 15:40 - 2014-08-05 15:42 - 00000000 ____D () C:\ProgramData\Package Cache

2014-08-05 15:35 - 2014-08-05 15:37 - 36347672 _____ (Garmin Ltd or its subsidiaries) C:\Users\ING\Downloads\GarminExpress.exe

2014-08-05 15:06 - 2014-08-05 15:06 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-08-05 15:06 - 2014-08-05 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-08-05 15:05 - 2014-08-05 15:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-08-05 15:05 - 2014-08-05 15:06 - 00000000 ____D () C:\Program Files\iTunes

2014-08-05 15:05 - 2014-08-05 15:06 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-08-05 15:05 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files\iPod

2014-08-04 13:22 - 2014-08-04 13:22 - 00032218 _____ () C:\Users\ING\Documents\cc_20140804_132229.reg

2014-08-04 12:10 - 2014-08-14 15:45 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000

2014-08-03 19:42 - 2014-08-03 19:42 - 01383387 _____ () C:\Users\ING\Downloads\myyellowstoneitinerary.zip

2014-08-03 15:06 - 2014-08-15 07:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-03 15:06 - 2014-08-03 15:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebyte.lnk

2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-03 15:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-03 15:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-03 14:08 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-03 14:08 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-03 14:08 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-03 14:08 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-03 14:08 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-03 14:08 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-03 14:08 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-03 14:08 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-03 14:08 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-03 14:08 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-03 14:08 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-03 14:08 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-03 14:08 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-03 14:08 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-03 14:08 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-03 14:08 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-03 14:08 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-03 14:08 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-03 14:08 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-03 14:08 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-03 14:08 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-03 14:08 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-03 14:08 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-03 14:08 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-03 14:08 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-03 14:08 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-03 14:08 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-03 14:08 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-03 14:08 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-03 14:08 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-03 14:08 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-03 14:08 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-03 14:08 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-03 14:08 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-03 14:08 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-03 14:08 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-03 14:08 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-03 14:08 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-03 14:08 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-03 14:08 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-03 14:08 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-03 14:08 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-03 14:08 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-03 14:08 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-03 14:08 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-03 14:08 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-03 14:08 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-03 14:08 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-03 14:08 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-03 14:08 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-03 14:08 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-03 14:08 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-03 14:08 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-03 14:08 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-03 14:08 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-03 14:08 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-03 14:07 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-03 14:07 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-03 14:07 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-08-03 14:07 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-08-03 14:07 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-03 14:07 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-08-03 14:07 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-08-03 14:07 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-08-03 14:07 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-08-03 14:07 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-08-03 14:07 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-08-03 14:07 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-08-03 14:07 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-08-03 14:07 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-08-03 14:07 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-08-03 14:07 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-08-03 14:07 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-08-03 14:07 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-08-03 14:07 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-08-03 14:07 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-08-03 14:07 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-08-03 14:07 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-08-03 14:07 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-08-03 14:07 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-08-03 14:07 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-08-03 14:07 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-08-03 14:07 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2014-08-03 14:07 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-08-03 14:07 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-08-03 14:07 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-08-03 14:07 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-08-03 14:07 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-08-03 14:07 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-08-03 14:07 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2014-08-03 14:07 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-08-03 14:07 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2014-08-03 14:07 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 07:23 - 2014-08-15 07:23 - 00019704 _____ () C:\Users\ING\Desktop\FRST.txt

2014-08-15 07:23 - 2014-08-12 17:14 - 00000000 ____D () C:\FRST

2014-08-15 07:21 - 2014-08-15 07:21 - 02100224 _____ (Farbar) C:\Users\ING\Desktop\FRST64(1).exe

2014-08-15 07:21 - 2011-09-05 21:18 - 01457698 _____ () C:\Windows\WindowsUpdate.log

2014-08-15 07:20 - 2014-08-12 15:13 - 00000000 ____D () C:\Users\ING\AppData\Local\CrashDumps

2014-08-15 07:20 - 2014-08-03 15:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-15 07:20 - 2013-03-21 00:29 - 00003220 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000

2014-08-15 07:20 - 2013-01-03 14:09 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000

2014-08-15 07:19 - 2014-08-07 21:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-08-15 07:19 - 2013-12-13 17:54 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-15 07:17 - 2014-08-08 17:03 - 00001008 _____ () C:\Windows\setupact.log

2014-08-15 07:17 - 2011-10-19 03:02 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs

2014-08-15 07:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-14 15:52 - 2012-07-21 18:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-14 15:52 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-14 15:52 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-14 15:49 - 2011-09-05 19:29 - 00002366 _____ () C:\Users\ING\Desktop\Google Chrome.lnk

2014-08-14 15:45 - 2014-08-04 12:10 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000

2014-08-14 15:45 - 2014-05-09 18:00 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000

2014-08-14 12:30 - 2011-09-05 19:28 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA.job

2014-08-14 12:30 - 2011-09-05 19:28 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core.job

2014-08-14 12:29 - 2013-12-13 17:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-14 07:46 - 2014-08-14 07:46 - 588518084 _____ () C:\Windows\MEMORY.DMP

2014-08-14 07:34 - 2014-08-14 07:34 - 00001224 _____ () C:\Users\ING\Documents\ark.txt

2014-08-14 07:27 - 2014-08-14 07:26 - 00380416 _____ () C:\Users\ING\Downloads\jkuos856.exe

2014-08-12 17:15 - 2014-08-12 17:15 - 00031937 _____ () C:\Users\ING\Downloads\Addition.txt

2014-08-12 17:15 - 2014-08-12 17:14 - 00055934 _____ () C:\Users\ING\Downloads\FRST.txt

2014-08-12 17:11 - 2014-08-12 17:11 - 02099712 _____ (Farbar) C:\Users\ING\Downloads\FRST64.exe

2014-08-12 14:00 - 2014-08-12 14:00 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

2014-08-12 14:00 - 2014-08-12 14:00 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-08-12 13:59 - 2014-08-12 13:58 - 04817496 _____ () C:\Users\ING\Desktop\RogueKiller.exe

2014-08-12 13:02 - 2014-08-12 13:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\ING\Downloads\mbar-1.07.0.1012.exe

2014-08-12 12:57 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-11 12:06 - 2012-07-24 21:38 - 00000000 ____D () C:\Users\ING\Documents\accts

2014-08-09 12:34 - 2014-08-06 12:09 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job

2014-08-09 12:20 - 2014-08-09 09:28 - 00003039 _____ () C:\Users\ING\Documents\hotsauces.txt

2014-08-08 17:03 - 2014-08-08 17:03 - 00000000 _____ () C:\Windows\setuperr.log

2014-08-08 12:17 - 2014-08-08 12:17 - 00001938 _____ () C:\Users\ING\Documents\cc_20140808_121731.reg

2014-08-08 12:11 - 2013-04-08 08:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\BitTorrent

2014-08-08 12:04 - 2014-08-06 10:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\device

2014-08-08 10:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-08-07 22:09 - 2014-08-06 10:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\serv

2014-08-07 21:49 - 2014-08-07 21:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\SUPERAntiSpyware.com

2014-08-07 21:48 - 2014-08-07 21:48 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2014-08-07 21:46 - 2014-08-07 21:46 - 18676504 _____ (SUPERAntiSpyware) C:\Users\ING\Downloads\SUPERAntiSpyware (1).exe

2014-08-07 19:40 - 2014-08-07 19:36 - 112030456 _____ (Microsoft Corporation) C:\Users\ING\Downloads\msert.exe

2014-08-07 12:34 - 2014-08-06 12:09 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job

2014-08-06 12:57 - 2014-08-06 12:57 - 00010754 _____ () C:\Users\ING\Documents\cc_20140806_125705.reg

2014-08-06 12:54 - 2014-08-06 12:54 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Oracle

2014-08-06 12:54 - 2014-08-06 12:09 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job

2014-08-06 12:52 - 2014-08-06 11:00 - 00000000 ____D () C:\ProgramData\Oracle

2014-08-06 12:51 - 2014-08-06 12:51 - 00005647 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log

2014-08-06 12:51 - 2012-07-20 22:37 - 00000000 ____D () C:\Program Files (x86)\Java

2014-08-06 12:47 - 2011-05-05 11:38 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information

2014-08-06 12:46 - 2011-12-03 17:55 - 00038194 _____ () C:\Windows\Irremote.ini

2014-08-06 12:46 - 2011-12-03 17:55 - 00000000 ____D () C:\Users\Public\WinTV

2014-08-06 12:43 - 2014-08-06 12:43 - 00003814 _____ () C:\Users\ING\Documents\cc_20140806_124301.reg

2014-08-06 12:38 - 2012-07-29 04:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-08-06 12:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security

2014-08-06 12:34 - 2014-08-06 12:09 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP1

2014-08-06 12:34 - 2014-08-06 12:09 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP3

2014-08-06 12:34 - 2014-08-06 12:09 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP2

2014-08-06 12:10 - 2014-08-06 12:09 - 00000324 _____ () C:\Users\ING\AppData\Roaming\aps.uninstall.scan.results

2014-08-06 12:08 - 2014-08-06 12:08 - 00591056 _____ (ClickMeIn Limited) C:\Users\ING\AppData\Local\nsx1367.tmp

2014-08-06 10:59 - 2014-08-06 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\Users\ING\AppData\Local\Packages

2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\ProgramData\858d75a5186e3022

2014-08-06 10:57 - 2014-08-06 10:57 - 00000464 __RSH () C:\ProgramData\ntuser.pol

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Torch

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Comodo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Chromatic Browser

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Torch

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Google

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Comodo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Chromatic Browser

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser

2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator

2014-08-06 10:57 - 2014-08-06 10:56 - 00000000 ____D () C:\Users\ING\AppData\Roaming\VOPackage

2014-08-06 10:57 - 2011-09-05 19:28 - 00000000 ____D () C:\Users\ING\AppData\Local\Google

2014-08-06 10:57 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-08-06 10:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-08-06 10:56 - 2014-08-06 10:56 - 00000000 ____D () C:\ProgramData\StepAppIt

2014-08-06 10:56 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\InstallMate

2014-08-06 06:59 - 2011-09-06 23:14 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Skype

2014-08-05 20:41 - 2014-08-05 20:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-05 16:11 - 2014-08-05 16:11 - 00000000 ____D () C:\kingstonk

2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\Users\ING\Documents\Garmin

2014-08-05 15:49 - 2014-08-05 15:42 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Garmin

2014-08-05 15:44 - 2014-08-05 15:44 - 00000000 ____D () C:\Users\ING\AppData\Local\Garmin

2014-08-05 15:44 - 2014-08-05 15:41 - 00000000 ____D () C:\ProgramData\Garmin

2014-08-05 15:42 - 2014-08-05 15:42 - 00000000 ____D () C:\Program Files\DIFX

2014-08-05 15:42 - 2014-08-05 15:41 - 00000000 ____D () C:\Program Files (x86)\Garmin

2014-08-05 15:42 - 2014-08-05 15:40 - 00000000 ____D () C:\ProgramData\Package Cache

2014-08-05 15:41 - 2014-08-05 15:41 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask

2014-08-05 15:41 - 2014-08-05 15:41 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk

2014-08-05 15:41 - 2014-08-05 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2014-08-05 15:37 - 2014-08-05 15:35 - 36347672 _____ (Garmin Ltd or its subsidiaries) C:\Users\ING\Downloads\GarminExpress.exe

2014-08-05 15:06 - 2014-08-05 15:06 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-08-05 15:06 - 2014-08-05 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-08-05 15:06 - 2014-08-05 15:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-08-05 15:06 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files\iTunes

2014-08-05 15:06 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-08-05 15:05 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files\iPod

2014-08-04 21:06 - 2011-09-06 23:14 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-08-04 21:06 - 2011-09-06 23:14 - 00000000 ____D () C:\ProgramData\Skype

2014-08-04 13:22 - 2014-08-04 13:22 - 00032218 _____ () C:\Users\ING\Documents\cc_20140804_132229.reg

2014-08-04 13:20 - 2012-07-22 07:44 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-04 13:20 - 2012-07-22 07:44 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-03 19:54 - 2012-07-24 21:41 - 00000000 ____D () C:\Users\ING\Documents\gcumcDocs

2014-08-03 19:42 - 2014-08-03 19:42 - 01383387 _____ () C:\Users\ING\Downloads\myyellowstoneitinerary.zip

2014-08-03 16:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

2014-08-03 15:06 - 2014-08-03 15:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebyte.lnk

2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-03 15:06 - 2011-09-05 19:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Malwarebytes

2014-08-03 15:06 - 2011-09-05 19:49 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-03 15:06 - 2011-09-05 19:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-08-03 15:00 - 2009-07-14 00:45 - 00337840 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-03 14:59 - 2013-03-21 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-08-03 14:59 - 2013-03-21 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-08-03 14:58 - 2014-05-06 14:47 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-03 14:58 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal

2014-08-03 14:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-08-03 14:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-08-03 14:13 - 2013-08-14 23:23 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-03 14:11 - 2013-03-21 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-08-03 13:52 - 2012-07-21 18:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-08-03 13:52 - 2012-07-21 18:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-03 13:52 - 2011-11-05 15:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-03 12:25 - 2011-09-05 19:28 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA

2014-08-03 12:25 - 2011-09-05 19:28 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core

2014-08-03 12:24 - 2013-12-13 17:54 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-08-03 12:24 - 2013-12-13 17:54 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-07-25 12:55 - 2014-08-06 12:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-07-25 12:49 - 2014-08-06 12:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-07-25 12:49 - 2014-08-06 12:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-07-25 12:49 - 2014-08-06 12:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 09:34

==================== End Of Log ============================


Marius,

The End User Agreement seems to be blocking my pasting the logs.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by ING (administrator) on ING-B351 on 15-08-2014 08:36:56
Running from C:\Users\ING\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\ING\Desktop\FRST64(1).exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(                                                            ) C:\Users\ING\AppData\Local\Temp\nsmD7DA.tmp


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bigDog305] => C:\Windows\VM305_STI.EXE [61440 2012-08-20] (Vimicro)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3404179652-3976374348-2591870498-1000\...\Run: [Google Update] => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-05] (Google Inc.)
HKU\S-1-5-21-3404179652-3976374348-2591870498-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3404179652-3976374348-2591870498-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-12] (SUPERAntiSpyware)
HKU\S-1-5-21-3404179652-3976374348-2591870498-1000\...\MountPoints2: {f218c740-3324-11e3-adb9-8c89a52c3a25} - I:\TL-Bootstrap.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:13945;https=127.0.0.1:13945
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fscj.edu/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {54522C96-46E9-48EA-82B5-9C1E5A230C31} URL =
SearchScopes: HKCU - {54522C96-46E9-48EA-82B5-9C1E5A230C31} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default
FF Homepage: hxxp://users.hal-pc.org/~lang
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: CostMin - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\0nd-gfgo@flm-bjur.net [2014-08-06]
FF Extension: EPUBReader - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-08]
FF Extension: WebSlingPlayer - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2012-05-09]
FF Extension: NoScript - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-08-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-08-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-05]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-05]
FF HKCU\...\Firefox\Extensions: [{BF3CC464-7D6D-3AB7-38B3-069F211EB58B}] - C:\Program Files (x86)\ver3click-n-mark\176.xpi

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09]
CHR Extension: (Google Drive) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-03]
CHR Extension: (YouTube) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]
CHR Extension: (Google Search) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]
CHR Extension: (RealDownloader) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-21]
CHR Extension: (Skype Click to Call) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-07]
CHR Extension: (Google Wallet) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\ING\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 HPSLPSVC; C:\Users\ING\AppData\Local\Temp\7zS75FD\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 servervo; C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe [73728 2014-08-06] () [File not signed]
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1605376 2011-07-05] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2008-07-22] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-12] ()
S3 vvftav; C:\Windows\System32\drivers\vvftav.sys [300800 2012-08-20] (Vimicro Corporation)
S3 ZSMC0305; C:\Windows\System32\Drivers\usbVM305.sys [1541120 2012-08-20] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 07:49 - 2014-08-15 07:49 - 00001093 _____ () C:\Users\ING\Desktop\Continue Live Installation.lnk
2014-08-15 07:23 - 2014-08-15 08:37 - 00019756 _____ () C:\Users\ING\Desktop\FRST.txt
2014-08-15 07:21 - 2014-08-15 07:21 - 02100224 _____ (Farbar) C:\Users\ING\Desktop\FRST64(1).exe
2014-08-14 07:46 - 2014-08-14 07:46 - 588518084 _____ () C:\Windows\MEMORY.DMP
2014-08-14 07:34 - 2014-08-14 07:34 - 00001224 _____ () C:\Users\ING\Documents\ark.txt
2014-08-14 07:26 - 2014-08-14 07:27 - 00380416 _____ () C:\Users\ING\Downloads\jkuos856.exe
2014-08-12 17:15 - 2014-08-12 17:15 - 00031937 _____ () C:\Users\ING\Downloads\Addition.txt
2014-08-12 17:14 - 2014-08-15 08:36 - 00000000 ____D () C:\FRST
2014-08-12 17:14 - 2014-08-12 17:15 - 00055934 _____ () C:\Users\ING\Downloads\FRST.txt
2014-08-12 17:11 - 2014-08-12 17:11 - 02099712 _____ (Farbar) C:\Users\ING\Downloads\FRST64.exe
2014-08-12 15:13 - 2014-08-15 07:20 - 00000000 ____D () C:\Users\ING\AppData\Local\CrashDumps
2014-08-12 14:00 - 2014-08-12 14:00 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-12 14:00 - 2014-08-12 14:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-12 13:58 - 2014-08-12 13:59 - 04817496 _____ () C:\Users\ING\Desktop\RogueKiller.exe
2014-08-12 13:02 - 2014-08-12 13:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\ING\Downloads\mbar-1.07.0.1012.exe
2014-08-09 09:28 - 2014-08-09 12:20 - 00003039 _____ () C:\Users\ING\Documents\hotsauces.txt
2014-08-08 17:03 - 2014-08-15 07:17 - 00001008 _____ () C:\Windows\setupact.log
2014-08-08 17:03 - 2014-08-08 17:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 12:17 - 2014-08-08 12:17 - 00001938 _____ () C:\Users\ING\Documents\cc_20140808_121731.reg
2014-08-07 21:49 - 2014-08-07 21:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\SUPERAntiSpyware.com
2014-08-07 21:48 - 2014-08-15 07:19 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-07 21:48 - 2014-08-07 21:48 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-07 21:46 - 2014-08-07 21:46 - 18676504 _____ (SUPERAntiSpyware) C:\Users\ING\Downloads\SUPERAntiSpyware (1).exe
2014-08-07 19:36 - 2014-08-07 19:40 - 112030456 _____ (Microsoft Corporation) C:\Users\ING\Downloads\msert.exe
2014-08-06 12:57 - 2014-08-06 12:57 - 00010754 _____ () C:\Users\ING\Documents\cc_20140806_125705.reg
2014-08-06 12:54 - 2014-08-06 12:54 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Oracle
2014-08-06 12:51 - 2014-08-06 12:51 - 00005647 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 12:51 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 12:51 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 12:51 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 12:51 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 12:43 - 2014-08-06 12:43 - 00003814 _____ () C:\Users\ING\Documents\cc_20140806_124301.reg
2014-08-06 12:09 - 2014-08-09 12:34 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-08-06 12:09 - 2014-08-07 12:34 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-08-06 12:09 - 2014-08-06 12:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-08-06 12:09 - 2014-08-06 12:34 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-08-06 12:09 - 2014-08-06 12:34 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-08-06 12:09 - 2014-08-06 12:34 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-08-06 12:09 - 2014-08-06 12:10 - 00000324 _____ () C:\Users\ING\AppData\Roaming\aps.uninstall.scan.results
2014-08-06 12:08 - 2014-08-06 12:08 - 00591056 _____ (ClickMeIn Limited) C:\Users\ING\AppData\Local\nsx1367.tmp
2014-08-06 11:00 - 2014-08-06 12:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 10:59 - 2014-08-06 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\Users\ING\AppData\Local\Packages
2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\ProgramData\858d75a5186e3022
2014-08-06 10:57 - 2014-08-06 10:57 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator
2014-08-06 10:56 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Roaming\VOPackage
2014-08-06 10:56 - 2014-08-06 10:56 - 00000000 ____D () C:\ProgramData\StepAppIt
2014-08-06 10:55 - 2014-08-06 10:56 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-06 10:52 - 2014-08-08 12:04 - 00000000 ____D () C:\Users\ING\AppData\Roaming\device
2014-08-06 10:52 - 2014-08-07 22:09 - 00000000 ____D () C:\Users\ING\AppData\Roaming\serv
2014-08-05 20:41 - 2014-08-05 20:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 16:11 - 2014-08-05 16:11 - 00000000 ____D () C:\kingstonk
2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\Users\ING\Documents\Garmin
2014-08-05 15:44 - 2014-08-05 15:44 - 00000000 ____D () C:\Users\ING\AppData\Local\Garmin
2014-08-05 15:42 - 2014-08-05 15:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Garmin
2014-08-05 15:42 - 2014-08-05 15:42 - 00000000 ____D () C:\Program Files\DIFX
2014-08-05 15:41 - 2014-08-05 15:44 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-05 15:41 - 2014-08-05 15:42 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-05 15:41 - 2014-08-05 15:41 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-05 15:41 - 2014-08-05 15:41 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-08-05 15:41 - 2014-08-05 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-05 15:40 - 2014-08-05 15:42 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 15:35 - 2014-08-05 15:37 - 36347672 _____ (Garmin Ltd or its subsidiaries) C:\Users\ING\Downloads\GarminExpress.exe
2014-08-05 15:06 - 2014-08-05 15:06 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-05 15:06 - 2014-08-05 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-05 15:05 - 2014-08-05 15:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-05 15:05 - 2014-08-05 15:06 - 00000000 ____D () C:\Program Files\iTunes
2014-08-05 15:05 - 2014-08-05 15:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-05 15:05 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 13:22 - 2014-08-04 13:22 - 00032218 _____ () C:\Users\ING\Documents\cc_20140804_132229.reg
2014-08-04 12:10 - 2014-08-14 15:45 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-03 19:42 - 2014-08-03 19:42 - 01383387 _____ () C:\Users\ING\Downloads\myyellowstoneitinerary.zip
2014-08-03 15:06 - 2014-08-15 08:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 15:06 - 2014-08-03 15:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebyte.lnk
2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 15:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 15:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 14:08 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-03 14:08 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-03 14:08 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-03 14:08 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-03 14:08 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-03 14:08 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-03 14:08 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-03 14:08 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-03 14:08 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-03 14:08 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-03 14:08 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-03 14:08 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-03 14:08 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-03 14:08 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-03 14:08 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-03 14:08 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-03 14:08 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-03 14:08 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-03 14:08 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-03 14:08 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-03 14:08 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-03 14:08 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-03 14:08 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-03 14:08 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-03 14:08 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-03 14:08 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-03 14:08 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-03 14:08 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-03 14:08 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-03 14:08 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-03 14:08 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-03 14:08 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-03 14:08 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-03 14:08 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-03 14:08 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-03 14:08 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-03 14:08 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-03 14:08 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-03 14:08 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-03 14:08 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-03 14:08 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-03 14:08 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-03 14:08 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-03 14:08 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-03 14:08 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-03 14:08 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-03 14:08 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-03 14:08 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-03 14:08 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-03 14:08 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-03 14:08 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-03 14:08 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-03 14:08 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-03 14:08 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-03 14:08 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-03 14:08 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-03 14:07 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-03 14:07 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-03 14:07 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-03 14:07 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-03 14:07 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-03 14:07 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-03 14:07 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-03 14:07 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-03 14:07 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-03 14:07 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-03 14:07 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-03 14:07 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-03 14:07 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-03 14:07 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-03 14:07 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-03 14:07 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-03 14:07 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-03 14:07 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-03 14:07 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-03 14:07 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-03 14:07 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-03 14:07 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-03 14:07 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-03 14:07 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-03 14:07 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 08:37 - 2014-08-15 07:23 - 00019756 _____ () C:\Users\ING\Desktop\FRST.txt
2014-08-15 08:36 - 2014-08-12 17:14 - 00000000 ____D () C:\FRST
2014-08-15 08:30 - 2011-09-05 19:28 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA.job
2014-08-15 08:29 - 2013-12-13 17:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 08:22 - 2011-09-05 21:18 - 01547637 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 08:13 - 2014-08-03 15:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 07:52 - 2012-07-21 18:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 07:49 - 2014-08-15 07:49 - 00001093 _____ () C:\Users\ING\Desktop\Continue Live Installation.lnk
2014-08-15 07:25 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 07:25 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 07:21 - 2014-08-15 07:21 - 02100224 _____ (Farbar) C:\Users\ING\Desktop\FRST64(1).exe
2014-08-15 07:20 - 2014-08-12 15:13 - 00000000 ____D () C:\Users\ING\AppData\Local\CrashDumps
2014-08-15 07:20 - 2013-03-21 00:29 - 00003220 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-15 07:20 - 2013-01-03 14:09 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-15 07:19 - 2014-08-07 21:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-15 07:19 - 2013-12-13 17:54 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 07:17 - 2014-08-08 17:03 - 00001008 _____ () C:\Windows\setupact.log
2014-08-15 07:17 - 2011-10-19 03:02 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-08-15 07:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 15:49 - 2011-09-05 19:29 - 00002366 _____ () C:\Users\ING\Desktop\Google Chrome.lnk
2014-08-14 15:45 - 2014-08-04 12:10 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-14 15:45 - 2014-05-09 18:00 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000
2014-08-14 12:30 - 2011-09-05 19:28 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core.job
2014-08-14 07:46 - 2014-08-14 07:46 - 588518084 _____ () C:\Windows\MEMORY.DMP
2014-08-14 07:34 - 2014-08-14 07:34 - 00001224 _____ () C:\Users\ING\Documents\ark.txt
2014-08-14 07:27 - 2014-08-14 07:26 - 00380416 _____ () C:\Users\ING\Downloads\jkuos856.exe
2014-08-12 17:15 - 2014-08-12 17:15 - 00031937 _____ () C:\Users\ING\Downloads\Addition.txt
2014-08-12 17:15 - 2014-08-12 17:14 - 00055934 _____ () C:\Users\ING\Downloads\FRST.txt
2014-08-12 17:11 - 2014-08-12 17:11 - 02099712 _____ (Farbar) C:\Users\ING\Downloads\FRST64.exe
2014-08-12 14:00 - 2014-08-12 14:00 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-12 14:00 - 2014-08-12 14:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-12 13:59 - 2014-08-12 13:58 - 04817496 _____ () C:\Users\ING\Desktop\RogueKiller.exe
2014-08-12 13:02 - 2014-08-12 13:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\ING\Downloads\mbar-1.07.0.1012.exe
2014-08-12 12:57 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 12:06 - 2012-07-24 21:38 - 00000000 ____D () C:\Users\ING\Documents\accts
2014-08-09 12:34 - 2014-08-06 12:09 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-08-09 12:20 - 2014-08-09 09:28 - 00003039 _____ () C:\Users\ING\Documents\hotsauces.txt
2014-08-08 17:03 - 2014-08-08 17:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 12:17 - 2014-08-08 12:17 - 00001938 _____ () C:\Users\ING\Documents\cc_20140808_121731.reg
2014-08-08 12:11 - 2013-04-08 08:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\BitTorrent
2014-08-08 12:04 - 2014-08-06 10:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\device
2014-08-08 10:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-07 22:09 - 2014-08-06 10:52 - 00000000 ____D () C:\Users\ING\AppData\Roaming\serv
2014-08-07 21:49 - 2014-08-07 21:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\SUPERAntiSpyware.com
2014-08-07 21:48 - 2014-08-07 21:48 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-07 21:48 - 2014-08-07 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-07 21:46 - 2014-08-07 21:46 - 18676504 _____ (SUPERAntiSpyware) C:\Users\ING\Downloads\SUPERAntiSpyware (1).exe
2014-08-07 19:40 - 2014-08-07 19:36 - 112030456 _____ (Microsoft Corporation) C:\Users\ING\Downloads\msert.exe
2014-08-07 12:34 - 2014-08-06 12:09 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-08-06 12:57 - 2014-08-06 12:57 - 00010754 _____ () C:\Users\ING\Documents\cc_20140806_125705.reg
2014-08-06 12:54 - 2014-08-06 12:54 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Oracle
2014-08-06 12:54 - 2014-08-06 12:09 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-08-06 12:52 - 2014-08-06 11:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 12:51 - 2014-08-06 12:51 - 00005647 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 12:51 - 2012-07-20 22:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-06 12:47 - 2011-05-05 11:38 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-08-06 12:46 - 2011-12-03 17:55 - 00038194 _____ () C:\Windows\Irremote.ini
2014-08-06 12:46 - 2011-12-03 17:55 - 00000000 ____D () C:\Users\Public\WinTV
2014-08-06 12:43 - 2014-08-06 12:43 - 00003814 _____ () C:\Users\ING\Documents\cc_20140806_124301.reg
2014-08-06 12:38 - 2012-07-29 04:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-06 12:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-08-06 12:34 - 2014-08-06 12:09 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-08-06 12:34 - 2014-08-06 12:09 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-08-06 12:34 - 2014-08-06 12:09 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-08-06 12:10 - 2014-08-06 12:09 - 00000324 _____ () C:\Users\ING\AppData\Roaming\aps.uninstall.scan.results
2014-08-06 12:08 - 2014-08-06 12:08 - 00591056 _____ (ClickMeIn Limited) C:\Users\ING\AppData\Local\nsx1367.tmp
2014-08-06 10:59 - 2014-08-06 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\Users\ING\AppData\Local\Packages
2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\ProgramData\858d75a5186e3022
2014-08-06 10:57 - 2014-08-06 10:57 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator
2014-08-06 10:57 - 2014-08-06 10:56 - 00000000 ____D () C:\Users\ING\AppData\Roaming\VOPackage
2014-08-06 10:57 - 2011-09-05 19:28 - 00000000 ____D () C:\Users\ING\AppData\Local\Google
2014-08-06 10:57 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-06 10:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-06 10:56 - 2014-08-06 10:56 - 00000000 ____D () C:\ProgramData\StepAppIt
2014-08-06 10:56 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-06 06:59 - 2011-09-06 23:14 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Skype
2014-08-05 20:41 - 2014-08-05 20:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 16:11 - 2014-08-05 16:11 - 00000000 ____D () C:\kingstonk
2014-08-05 15:50 - 2014-08-05 15:50 - 00000000 ____D () C:\Users\ING\Documents\Garmin
2014-08-05 15:49 - 2014-08-05 15:42 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Garmin
2014-08-05 15:44 - 2014-08-05 15:44 - 00000000 ____D () C:\Users\ING\AppData\Local\Garmin
2014-08-05 15:44 - 2014-08-05 15:41 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-05 15:42 - 2014-08-05 15:42 - 00000000 ____D () C:\Program Files\DIFX
2014-08-05 15:42 - 2014-08-05 15:41 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-05 15:42 - 2014-08-05 15:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 15:41 - 2014-08-05 15:41 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-05 15:41 - 2014-08-05 15:41 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-08-05 15:41 - 2014-08-05 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-05 15:37 - 2014-08-05 15:35 - 36347672 _____ (Garmin Ltd or its subsidiaries) C:\Users\ING\Downloads\GarminExpress.exe
2014-08-05 15:06 - 2014-08-05 15:06 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-05 15:06 - 2014-08-05 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-05 15:06 - 2014-08-05 15:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-05 15:06 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files\iTunes
2014-08-05 15:06 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-05 15:05 - 2014-08-05 15:05 - 00000000 ____D () C:\Program Files\iPod
2014-08-04 21:06 - 2011-09-06 23:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-04 21:06 - 2011-09-06 23:14 - 00000000 ____D () C:\ProgramData\Skype
2014-08-04 13:22 - 2014-08-04 13:22 - 00032218 _____ () C:\Users\ING\Documents\cc_20140804_132229.reg
2014-08-04 13:20 - 2012-07-22 07:44 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-04 13:20 - 2012-07-22 07:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-03 19:54 - 2012-07-24 21:41 - 00000000 ____D () C:\Users\ING\Documents\gcumcDocs
2014-08-03 19:42 - 2014-08-03 19:42 - 01383387 _____ () C:\Users\ING\Downloads\myyellowstoneitinerary.zip
2014-08-03 16:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-03 15:06 - 2014-08-03 15:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebyte.lnk
2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 15:06 - 2014-08-03 15:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 15:06 - 2011-09-05 19:49 - 00000000 ____D () C:\Users\ING\AppData\Roaming\Malwarebytes
2014-08-03 15:06 - 2011-09-05 19:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 15:06 - 2011-09-05 19:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-03 15:00 - 2009-07-14 00:45 - 00337840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-03 14:59 - 2013-03-21 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-03 14:59 - 2013-03-21 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-03 14:58 - 2014-05-06 14:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-03 14:58 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-03 14:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-03 14:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-03 14:13 - 2013-08-14 23:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-03 14:11 - 2013-03-21 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-03 13:52 - 2012-07-21 18:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-03 13:52 - 2012-07-21 18:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-03 13:52 - 2011-11-05 15:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-03 12:25 - 2011-09-05 19:28 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA
2014-08-03 12:25 - 2011-09-05 19:28 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core
2014-08-03 12:24 - 2013-12-13 17:54 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-03 12:24 - 2013-12-13 17:54 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-25 12:55 - 2014-08-06 12:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-06 12:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-06 12:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-06 12:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 09:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
Ran by ING at 2014-08-15 08:37:42
Running from C:\Users\ING\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.00 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.1 Help Pack (English (United States)) (HKLM-x32\...\{8A9813D3-562E-49A8-A67F-8FF6616CC699}) (Version: 4.1.5.3 - The Document Foundation)
LibreOffice 4.1.5.3 (HKLM-x32\...\{E77773E5-944A-453F-97F3-46767AE0A253}) (Version: 4.1.5.3 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.50.862.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.50.859.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.50.861.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SlingPlayer (HKLM-x32\...\InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}) (Version: 2.0.4522 - Sling Media)
SlingPlayer (x32 Version: 2.0.4522 - Sling Media) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1128 - SUPERAntiSpyware.com)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
USB PC Camera VC305 (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0305}) (Version: 1.45.060824 - Vimicro Corporation)
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3404179652-3976374348-2591870498-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3404179652-3976374348-2591870498-1000_Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 -> C:\Windows\system32\webcheck.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3404179652-3976374348-2591870498-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ING\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

01-08-2014 21:12:24 Scheduled Checkpoint
03-08-2014 18:08:56 Windows Update
05-08-2014 19:40:28 Garmin Express
05-08-2014 19:41:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
06-08-2014 14:59:12 Installed Java 7 Update 45
06-08-2014 16:50:37 Installed Java 7 Update 67
07-08-2014 12:24:46 Windows Update
11-08-2014 16:02:18 Windows Update
15-08-2014 11:32:52 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2DCD1A16-DAAD-4E51-86E4-9F88807E571B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {31D25B00-0DCA-4E52-8844-B862C29CC04A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: {365E8FD4-8542-4B03-A41A-9387F4421057} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {47C2658C-6B56-4EA9-9E11-E537A7B96A95} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {4DB5900A-DBE1-4257-8D24-66BCD657D703} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-03] (Adobe Systems Incorporated)
Task: {59127C13-25A0-4C16-B23E-6794FB448474} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {674793A1-25E4-4E2E-A337-C89CD122B4C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {6AACC4C3-6477-4C5B-A4EF-3C73CE8A1C6A} - System32\Tasks\{72613726-4937-4B5B-8451-608BB51E0CBC} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {72E14497-9524-48B0-879E-6BC2C4F310C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13] (Google Inc.)
Task: {7354FC8F-BB36-4F8B-8057-19AF2CB29B30} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {751895AF-ABF9-4CC0-BCCF-18E2EC1B91BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13] (Google Inc.)
Task: {8F70D501-A758-4F14-BDAF-A708E7B5AA96} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {99BE10D9-EC3A-4191-A884-43E7AFD8C2A2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D06EBEF7-629D-4D87-A24F-6025FC75CE90} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D570F5DE-C89A-4620-90A1-9A856AECE04C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DA3FB8FE-D487-4435-89CA-F515323FD6D2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DB555FB1-5EC3-4689-A7FE-0D2ADA46B099} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3404179652-3976374348-2591870498-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E6726401-1AA0-42B5-BF05-35C2B50AE1B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: {E908A772-E8FB-4989-A658-698EAD1B154E} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EC010500-E16B-4EF1-AA68-8F6DE6ACC2F1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000Core.job => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404179652-3976374348-2591870498-1000UA.job => C:\Users\ING\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-08-06 10:57 - 2014-08-06 10:57 - 00073728 _____ () C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe
2011-05-05 10:55 - 2011-03-26 15:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-08-05 20:41 - 2014-08-05 20:41 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-05-22 16:11 - 2013-05-22 16:11 - 00031744 ____N () C:\Users\ING\AppData\Local\Temp\is45637729\1895091_stp\HardwareInfoLib.dll
2014-02-25 10:55 - 2014-02-25 10:55 - 00151040 ____N () C:\Users\ING\AppData\Local\Temp\is45637729\1895244_stp\RAM.dll
2014-05-07 15:46 - 2014-05-07 15:46 - 00204288 ____N () C:\Users\ING\AppData\Local\Temp\is45637729\1895153_stp\icc.dll
2014-04-08 15:37 - 2014-04-08 15:37 - 00643948 ____N () C:\Users\ING\AppData\Local\Temp\is45637729\1895153_stp\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\ING\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\ING\Downloads\noname.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2014 08:36:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PhotoScreensaver.scr version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 550

Start Time: 01cfb880538d078a

Termination Time: 0

Application Path: C:\Windows\system32\PhotoScreensaver.scr

Report Id: c743ff11-2478-11e4-a090-8c89a52c3a25

Error: (08/15/2014 08:14:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/15/2014 07:19:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VM305_STI.EXE, version: 4.3.625.61, time stamp: 0x42f311f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0061ffc8
Faulting process id: 0x3d8
Faulting application start time: 0xVM305_STI.EXE0
Faulting application path: VM305_STI.EXE1
Faulting module path: VM305_STI.EXE2
Report Id: VM305_STI.EXE3

Error: (08/15/2014 07:19:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2014 03:47:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2014 03:45:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VM305_STI.EXE, version: 4.3.625.61, time stamp: 0x42f311f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00620038
Faulting process id: 0xfb0
Faulting application start time: 0xVM305_STI.EXE0
Faulting application path: VM305_STI.EXE1
Faulting module path: VM305_STI.EXE2
Report Id: VM305_STI.EXE3

Error: (08/14/2014 11:56:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2014 11:55:26 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Vimicro because of this error.

Program: Vimicro
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (08/14/2014 11:55:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VM305_STI.EXE, version: 4.3.625.61, time stamp: 0x42f311f6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x00620038
Faulting process id: 0xa90
Faulting application start time: 0xVM305_STI.EXE0
Faulting application path: VM305_STI.EXE1
Faulting module path: VM305_STI.EXE2
Report Id: VM305_STI.EXE3

Error: (08/14/2014 07:15:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/15/2014 07:20:01 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (08/15/2014 07:20:01 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (08/15/2014 07:20:01 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (08/15/2014 07:20:01 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (08/14/2014 03:46:10 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (08/14/2014 03:46:10 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (08/14/2014 03:46:10 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (08/14/2014 03:46:10 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/

Error: (08/14/2014 11:55:32 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (08/14/2014 11:55:32 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2811996591/


Microsoft Office Sessions:
=========================
Error: (08/15/2014 08:36:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PhotoScreensaver.scr6.1.7601.1751455001cfb880538d078a0C:\Windows\system32\PhotoScreensaver.scrc743ff11-2478-11e4-a090-8c89a52c3a25

Error: (08/15/2014 08:14:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (08/15/2014 07:19:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VM305_STI.EXE4.3.625.6142f311f6unknown0.0.0.000000000c00000050061ffc83d801cfb87ad1a96544C:\Windows\VM305_STI.EXEunknown1231cfdb-246e-11e4-a090-8c89a52c3a25

Error: (08/15/2014 07:19:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2014 03:47:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2014 03:45:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VM305_STI.EXE4.3.625.6142f311f6unknown0.0.0.000000000c000000500620038fb001cfb7f85bc7b525C:\Windows\VM305_STI.EXEunknown9d08b1ce-23eb-11e4-bb14-8c89a52c3a25

Error: (08/14/2014 11:56:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2014 11:55:26 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Vimicro000000000

Error: (08/14/2014 11:55:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VM305_STI.EXE4.3.625.6142f311f6unknown0.0.0.000000000c000009600620038a9001cfb7d81965ed25C:\Windows\VM305_STI.EXEunknown67d270ad-23cb-11e4-a171-8c89a52c3a25

Error: (08/14/2014 07:15:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 31%
Total physical RAM: 8103.95 MB
Available physical RAM: 5511.34 MB
Total Pagefile: 16206.07 MB
Available Pagefile: 13604.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:833.66 GB) (Free:390.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EB128DA8)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=834 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=05)

==================== End Of Log ============================


Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

fixlist.txt


Could not find BitTorrent in Add/Remove Programs to uninstall.

Could not see nor download fixlist.txt. Had to download fixlist.txt on another computer and transferred to this desktop to run.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-08-2014
Ran by ING at 2014-08-15 10:30:49 Run:1
Running from C:\Users\ING\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E908A772-E8FB-4989-A658-698EAD1B154E} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EC010500-E16B-4EF1-AA68-8F6DE6ACC2F1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7354FC8F-BB36-4F8B-8057-19AF2CB29B30} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF HKCU\...\Firefox\Extensions: [{BF3CC464-7D6D-3AB7-38B3-069F211EB58B}] - C:\Program Files (x86)\ver3click-n-mark\176.xpi
FF Extension: WebSlingPlayer - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2012-05-09]
FF Extension: CostMin - C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\0nd-gfgo@flm-bjur.net [2014-08-06]
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {54522C96-46E9-48EA-82B5-9C1E5A230C31} URL =
SearchScopes: HKCU - {54522C96-46E9-48EA-82B5-9C1E5A230C31} URL =
ProxyServer: http=127.0.0.1:13945;https=127.0.0.1:13945

R2 servervo; C:\Users\ING\AppData\Roaming\VOPackage\VOsrv.exe [73728 2014-08-06] () [File not signed]
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)

C:\Program Files (x86)\ver3click-n-mark
C:\Program Files (x86)\Sling Media
C:\Users\ING\AppData\Roaming\VOPackage
C:\Program Files (x86)\AnyProtectEx
2014-08-06 12:34 - 2014-08-06 12:09 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-08-06 12:34 - 2014-08-06 12:09 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-08-06 12:34 - 2014-08-06 12:09 - 00002822 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-08-06 12:08 - 2014-08-06 12:08 - 00591056 _____ (ClickMeIn Limited) C:\Users\ING\AppData\Local\nsx1367.tmp
2014-08-06 10:59 - 2014-08-06 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\Users\ING\AppData\Local\Packages
2014-08-06 10:58 - 2014-08-06 10:58 - 00000000 ____D () C:\ProgramData\858d75a5186e3022
2014-08-06 10:57 - 2014-08-06 10:57 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\ING\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Choo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-06 10:57 - 2014-08-06 10:57 - 00000000 ____D () C:\Users\Administrator
2014-08-06 10:57 - 2014-08-06 10:56 - 00000000 ____D () C:\Users\ING\AppData\Roaming\VOPackage
2014-08-06 10:57 - 2011-09-05 19:28 - 00000000 ____D () C:\Users\ING\AppData\Local\Google
2014-08-06 10:57 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-06 10:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-06 10:56 - 2014-08-06 10:56 - 00000000 ____D () C:\ProgramData\StepAppIt
2014-08-06 10:56 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\InstallMate
*****************

C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E908A772-E8FB-4989-A658-698EAD1B154E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E908A772-E8FB-4989-A658-698EAD1B154E}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC010500-E16B-4EF1-AA68-8F6DE6ACC2F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC010500-E16B-4EF1-AA68-8F6DE6ACC2F1}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7354FC8F-BB36-4F8B-8057-19AF2CB29B30}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7354FC8F-BB36-4F8B-8057-19AF2CB29B30}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{BF3CC464-7D6D-3AB7-38B3-069F211EB58B} => value deleted successfully.
C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} => Moved successfully.
C:\Users\ING\AppData\Roaming\Mozilla\Firefox\Profiles\gv5dpixu.default\Extensions\0nd-gfgo@flm-bjur.net => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54522C96-46E9-48EA-82B5-9C1E5A230C31}" => Key deleted successfully.
"HKCR\CLSID\{54522C96-46E9-48EA-82B5-9C1E5A230C31}" => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
servervo => Service stopped successfully.
servervo => Service deleted successfully.
SlingAgentService => Service stopped successfully.
SlingAgentService => Service deleted successfully.
"C:\Program Files (x86)\ver3click-n-mark" => File/Directory not found.
C:\Program Files (x86)\Sling Media => Moved successfully.
C:\Users\ING\AppData\Roaming\VOPackage => Moved successfully.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
"C:\Windows\System32\Tasks\APSnotifierPP1" => File/Directory not found.
"C:\Windows\System32\Tasks\APSnotifierPP3" => File/Directory not found.
"C:\Windows\System32\Tasks\APSnotifierPP2" => File/Directory not found.
C:\Users\ING\AppData\Local\nsx1367.tmp => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java => Moved successfully.
C:\Users\ING\AppData\Local\Packages => Moved successfully.
C:\ProgramData\858d75a5186e3022 => Moved successfully.
C:\ProgramData\ntuser.pol => Moved successfully.
C:\Users\ING\AppData\Local\Torch => Moved successfully.
C:\Users\ING\AppData\Local\Comodo => Moved successfully.
C:\Users\ING\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Torch => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\HomeGroupUser$ => Moved successfully.
C:\Users\Guest\AppData\Local\Torch => Moved successfully.
C:\Users\Guest\AppData\Local\Google => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo => Moved successfully.
C:\Users\Guest\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Choo\AppData\Local\Torch => Moved successfully.
C:\Users\Choo\AppData\Local\Google => Moved successfully.
C:\Users\Choo\AppData\Local\Comodo => Moved successfully.
C:\Users\Choo\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Choo => Moved successfully.
C:\Users\Administrator\AppData\Local\Torch => Moved successfully.
C:\Users\Administrator\AppData\Local\Google => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo => Moved successfully.
C:\Users\Administrator\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Administrator => Moved successfully.
"C:\Users\ING\AppData\Roaming\VOPackage" => File/Directory not found.
C:\Users\ING\AppData\Local\Google => Moved successfully.
C:\Windows\system32\GroupPolicy => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy => Moved successfully.
C:\ProgramData\StepAppIt => Moved successfully.
C:\ProgramData\InstallMate => Moved successfully.

==== End of Fixlog ====


Marius,

Malwarebytes did not find any threats.

Instead of Restart, I shut down the computer and Microsoft proceeded to do 13 Windows 7 updates. Launched Malwarebytes again and the History Log does not show any entry for today. The most recent entry was for 6 August, 2014.
