PUP.Optional.FrostwireTB.A


mof

Hello,

I updated free MBytes and did a scan, and it's detecting two of these in my registry:

PUP.Optional.FrostwireTB.A

I since read that this can be caused by ask.com, and I did a search in my start menu and it's showing ask.com in my old Firefox data, which I deleted to the recycle bin, but a scan is still showing those 2 items in my registry. I have no signs of Frostwire in Control Panel. I can't seem to get a log file to look at on this new MBytes. I've got a little Acer Aspire One, so maybe I can't see the buttons to access the scan logs?

I haven't been able to find out from past threads on here if this is a dangerous threat, so is it just a mild one?

Hoping someone can help.

Thanks

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


OK, I've done another scan, but I'm a bit of a dummy with this stuff, so can someone tell me how I can reduce the Scanning Log History window so I can click the export button on my small screen? I've tried using Alt keys but no joy.

Also I saved the log via another route but I'm getting the - Windows can't open this file, File Mbytes lnk....windows needs to know what....

Thanks


OK, thanks a lot.

Here's the FRST text:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 03
Ran by Windows7 (administrator) on WINDOWS7-PC0451 on 25-08-2014 14:52:30
Running from C:\Users\Windows7\Downloads
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\Comodo\launcher_service.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-26] (COMODO)
HKLM\...\Run: [tvncontrol] => "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave
HKLM\...\Run: [GfxServiceInstall] => C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2011-12-13] ()
HKU\S-1-5-21-1019755614-1115449502-2846687370-1000\...\Run: [Google Update] => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-26] (Google Inc.)
HKU\S-1-5-21-1019755614-1115449502-2846687370-1000\...\MountPoints2: {254a8ba5-6d27-11e1-88a1-806e6f6e6963} - E:\DistinguishOS.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3ACF29619115CD01
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {B95F384F-95AF-421B-888C-62E2C1578DC7} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-IDW&o=APN10023&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=LL&apn_dtid=YYYYYYYYKH&apn_uid=a36a044b-1ae2-4364-b286-ab81904ce6bd&apn_sauid=949B7BBE-E3EF-469C-A00B-CB8ABC32C729
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 172.16.251.77
Tcpip\..\Interfaces\{069CFF82-4582-4A00-8B4B-8B1A96EEC289}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{20E49E18-726A-45BB-ADC3-0B0F9817C16A}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\myvh82o2.default-1354460765415
FF Homepage: https://encrypted.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: PrivDog - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\myvh82o2.default-1354460765415\Extensions\PrivDog@AdTrustMedia.com [2014-06-20]

Chrome:
=======
CHR HomePage: https://encrypted.google.com/
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Google Wallet) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-29]
CHR StartMenuInternet: Google Chrome - C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 CLPSLauncher; C:\Program Files\Common Files\Comodo\launcher_service.exe [70352 2012-11-01] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-17] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-26] (COMODO)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-03-14] (Macrovision Europe Ltd.) [File not signed]
S4 GeekBuddyRSP; C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe [1467088 2012-10-31] (Comodo Security Solutions, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BTOWSFF; C:\Windows\system32\Drivers\BTOWSFF.sys [26432 2012-12-18] (Toolwiz.com)
R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [49856 2012-12-18] (Toolwiz.com)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2012-12-04] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-17] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-17] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-17] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-17] (COMODO)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 14:52 - 2014-08-25 14:53 - 00009852 _____ () C:\Users\Windows7\Downloads\FRST.txt
2014-08-25 14:50 - 2014-08-25 14:52 - 00000000 ____D () C:\FRST
2014-08-25 14:48 - 2014-08-25 14:48 - 01095168 _____ (Farbar) C:\Users\Windows7\Downloads\FRST.exe
2014-08-25 12:10 - 2014-05-14 23:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 12:10 - 2014-05-14 23:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 12:10 - 2014-05-14 23:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 12:10 - 2014-05-14 23:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 12:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 12:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-24 15:32 - 2014-08-25 13:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 15:32 - 2014-08-24 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 15:31 - 2014-08-24 15:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 15:31 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 15:31 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 20:05 - 2014-07-01 05:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 20:05 - 2014-03-10 04:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 20:04 - 2014-06-06 13:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 20:04 - 2014-03-10 04:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 20:20 - 2014-07-14 08:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 20:20 - 2014-06-16 08:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 20:20 - 2014-06-16 08:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-13 20:20 - 2014-06-16 08:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 20:19 - 2014-08-01 06:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 20:19 - 2014-07-25 20:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 20:19 - 2014-07-25 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 20:19 - 2014-07-25 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 20:19 - 2014-07-25 19:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 20:19 - 2014-07-25 19:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 20:19 - 2014-07-25 19:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 20:19 - 2014-07-25 19:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 20:19 - 2014-07-25 19:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 20:19 - 2014-07-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 20:19 - 2014-07-25 19:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 20:19 - 2014-07-25 19:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 20:19 - 2014-07-25 19:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 20:19 - 2014-07-25 19:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 20:19 - 2014-07-25 19:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 20:19 - 2014-07-25 19:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 20:19 - 2014-07-25 18:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 20:19 - 2014-07-25 18:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 20:19 - 2014-07-25 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 20:19 - 2014-07-25 18:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 20:19 - 2014-07-25 18:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 20:19 - 2014-07-25 18:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 20:19 - 2014-07-25 18:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 20:19 - 2014-07-25 18:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 20:19 - 2014-07-25 18:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 20:19 - 2014-07-25 18:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 20:19 - 2014-07-25 18:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 20:19 - 2014-07-25 17:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 20:19 - 2014-07-25 17:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 20:19 - 2014-07-25 17:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 20:16 - 2014-07-16 09:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 20:16 - 2014-07-16 09:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 20:16 - 2014-07-16 08:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 20:16 - 2014-06-03 16:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 20:16 - 2014-06-03 16:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 20:16 - 2014-06-03 16:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 20:16 - 2014-06-03 16:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 20:14 - 2014-07-09 05:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 20:14 - 2014-06-25 08:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 14:53 - 2014-08-25 14:52 - 00009852 _____ () C:\Users\Windows7\Downloads\FRST.txt
2014-08-25 14:52 - 2014-08-25 14:50 - 00000000 ____D () C:\FRST
2014-08-25 14:48 - 2014-08-25 14:48 - 01095168 _____ (Farbar) C:\Users\Windows7\Downloads\FRST.exe
2014-08-25 14:45 - 2012-12-19 21:11 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-08-25 14:26 - 2012-06-26 00:09 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000UA.job
2014-08-25 13:26 - 2012-06-26 00:09 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000Core.job
2014-08-25 13:12 - 2014-08-24 15:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 12:11 - 2012-04-09 14:56 - 01975840 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 12:11 - 2009-07-14 11:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 12:11 - 2009-07-14 11:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 12:05 - 2012-04-26 13:04 - 00121791 _____ () C:\Windows\setupact.log
2014-08-25 12:05 - 2009-07-14 11:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 21:59 - 2012-04-18 01:35 - 01753408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-24 16:39 - 2012-12-18 18:31 - 00000000 ___HD () C:\Toolwiz
2014-08-24 15:32 - 2014-08-24 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 15:32 - 2014-08-24 15:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 15:32 - 2012-05-06 23:53 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 15:32 - 2012-05-06 23:53 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Malwarebytes
2014-08-24 15:31 - 2012-05-06 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 15:31 - 2012-05-06 23:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-17 22:35 - 2012-06-26 00:16 - 00002390 _____ () C:\Users\Windows7\Desktop\Google Chrome.lnk
2014-08-17 22:06 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 20:20 - 2012-03-14 07:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 20:18 - 2013-08-23 10:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 20:11 - 2009-10-14 16:57 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-03 12:04 - 2012-03-14 07:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-01 06:16 - 2014-08-13 20:19 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-29 12:26 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-26 21:01 - 2012-11-29 22:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 16:06 - 2012-11-29 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Windows7\AppData\Local\Temp\GUR6F74.exe
C:\Users\Windows7\AppData\Local\Temp\GUR7177.exe
C:\Users\Windows7\AppData\Local\Temp\GUR7290.exe
C:\Users\Windows7\AppData\Local\Temp\install_flashplayer14x32au_mssd_aaa_aih.exe
C:\Users\Windows7\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-21 23:00

==================== End Of Log ============================

And the Addition text:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-08-2014 03
Ran by Windows7 at 2014-08-25 14:54:29
Running from C:\Users\Windows7\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
COMODO Internet Security (HKLM\...\{0E9AFD45-C3BA-41D1-B54B-495A22CB3409}) (Version: 6.0.64131.2674 - COMODO Security Solutions Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
GeekBuddy (HKLM\...\{E21161DD-05A2-42ED-A0EC-9C1393F51A64}) (Version: 4.2.39 - Comodo Security Solutions Inc)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
IncredibleCharts Pro (HKLM\...\{134959C1-E63F-11D5-87EF-444553540000}_is1) (Version:  - Vizhon Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1075 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 8.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
Launch Manager (HKLM\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6374 - Realtek Semiconductor Corp.)
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
System Requirements Lab for Intel (HKLM\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
Toolwiz TimeFreeze (HKLM\...\Toolwiz TimeFreeze) (Version: 1.9.5.0 - Toolwiz  TimeFreeze Installer)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{7F902AD4-FC6A-4B2F-8B8D-B6DD4E329B76}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAB~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:04 - 2009-06-11 04:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00DC7E16-89B5-4245-9B3C-6C8BFD9704F0} - System32\Tasks\{FD68C697-2D0B-4B1B-B90C-57A604C43B3B} => C:\Program Files\IncredibleCharts\IncredibleCharts.exe [2013-02-12] (Vizhon Corporation)
Task: {0387B9D1-4E60-4643-91BE-005386E45D04} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {095DE48F-38F7-434B-8BFB-AECF9580BB5A} - System32\Tasks\{BDDCD7BA-A5CE-4631-9CF1-5ABAAFE1EF0A} => Chrome.exe
Task: {0976758C-BA74-4A39-8C94-43BDF43F78C9} - System32\Tasks\{196824D3-2774-489E-9CDA-A8776FED4F57} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe
Task: {377BF363-EDEF-4F60-A1E5-418668CB39AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000UA => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {3AED34C0-BAA0-4756-B52F-1FDD8922BBEF} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {3D162033-352F-4F51-9629-946D9F6F2278} - System32\Tasks\{02564FEB-EF2F-4A1F-AC7B-1BE691A9D7BC} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {48EAD3B8-50FA-495E-9686-486CBD891161} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1019755614-1115449502-2846687370-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {582D04C5-CDE0-4F59-B70B-4A30EF176035} - System32\Tasks\{7C8D1434-9E9D-49D5-A17B-8AB9CB2FAF24} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe
Task: {7B8B5B16-772B-4B01-9C03-D8442BC2C828} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000Core => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {7D5F454B-F1AA-41F4-850E-4F226CC03EC2} - System32\Tasks\{AAAF41DC-AB2B-4569-9118-08E94B73BD40} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe
Task: {898EB11A-A09D-4F46-8C8F-C3DF97A7B81C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-19] (Adobe Systems Incorporated)
Task: {95E4C016-0E35-450C-BBD2-0C7C32AE7AFF} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {9C0AF01A-7B65-44C0-9563-E45B5E5128CF} - System32\Tasks\{30069AE9-1E89-4A1F-93DA-0CE78FCB7233} => C:\Program Files\Comodo\COMODO Internet Security\virtkiosk.exe [2014-03-26] (COMODO)
Task: {A8AADD31-41C7-47DA-B30A-1007826EBC64} - System32\Tasks\{0EA6EEA9-4464-4AB3-B4CD-4FAF9CC119E2} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {B9BA3E9C-5954-46D8-A373-ED58D6E7BE8D} - System32\Tasks\{9F56BFF6-D0F1-459D-9779-C5058C852F94} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {C09229A0-CFB6-4001-895B-421E86799355} - System32\Tasks\{83A23A5C-F9E5-41AF-A2C0-DCFA00FD1AC7} => Chrome.exe
Task: {C5A8F035-1000-4879-8221-BA38667C7017} - System32\Tasks\{70EAC6C4-59D4-4F6D-8F4E-1DF4189D7A93} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-26] (COMODO)
Task: {E74166DF-5B13-4C42-9E25-892765ED0361} - System32\Tasks\{F61B268C-4825-4742-A897-480626F3DE01} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {F70655EE-809E-457E-B3C0-48E7434BFCCF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1019755614-1115449502-2846687370-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F73A1D73-80E4-4F3D-99AD-489C12A21289} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000Core.job => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000UA.job => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-21 17:22 - 2014-05-21 17:22 - 02135232 _____ () C:\Program Files\Comodo\Dragon\dragon_updater.exe
2012-04-15 14:53 - 2014-08-03 12:04 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-17 21:34 - 2014-08-17 21:34 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\97d6b17ed342f72bdf559a51f37ca929\IsdiInterop.ni.dll
2012-03-13 08:25 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-12-14 20:46 - 2013-04-16 00:39 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5547042D
AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
AlternateDataStreams: C:\ProgramData\TEMP:ADE16379
AlternateDataStreams: C:\ProgramData\TEMP:B881EAB4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: GfxServiceInstall => C:\Windows\system32\GfxCUIServiceInstall.vbs
MSCONFIG\startupreg: Google Update => "C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PrivDogService => "C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\trustedadssvc.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Toolwiz TimeFreeze => "C:\Program Files\Toolwiz TimeFreeze\ToolwizTimeFreezeGUI.exe" -autorun

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 01:04:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xf78
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/24/2014 10:41:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xdac
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/24/2014 04:36:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xa14
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (05/06/2014 07:56:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cmdagent.exe, version: 7.0.55655.4142, time stamp: 0x534ee613
Faulting module name: cmdurlflt.dll, version: 7.0.53315.4132, time stamp: 0x5331c96a
Exception code: 0xc0000417
Fault offset: 0x001b105e
Faulting process id: 0x394
Faulting application start time: 0xcmdagent.exe0
Faulting application path: cmdagent.exe1
Faulting module path: cmdagent.exe2
Report Id: cmdagent.exe3

Error: (03/04/2014 03:41:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003

Error: (02/15/2014 01:06:48 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1704. An installation for Microsoft .NET Framework 4 Extended is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (11/26/2013 00:27:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (2532) An attempt to open the file "C:\Users\Windows7\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/25/2013 07:49:21 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (3004) An attempt to open the file "C:\Users\Windows7\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/18/2013 07:23:46 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (2976) An attempt to open the file "C:\Users\Windows7\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/14/2013 08:36:56 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (1576) An attempt to open the file "C:\Users\Windows7\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (08/25/2014 00:06:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
SBRE

Error: (08/25/2014 00:19:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (08/25/2014 00:19:11 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/25/2014 00:19:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/24/2014 09:59:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
SBRE

Error: (08/24/2014 09:59:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:38:36 PM on ‎8/‎24/‎2014 was unexpected.

Error: (08/24/2014 02:58:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
SBRE

Error: (08/24/2014 02:57:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:38:36 AM on ‎8/‎24/‎2014 was unexpected.

Error: (08/24/2014 01:38:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
SBRE

Error: (08/24/2014 01:37:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:37:22 PM on ‎8/‎23/‎2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (08/25/2014 01:04:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdf7801cfc02347da6350C:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\MSVCR100.dlla46a6f86-2c1d-11e4-80ac-047d7b506afe

Error: (08/24/2014 10:41:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fddac01cfbfac0a812473C:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\MSVCR100.dll0c5484ad-2ba5-11e4-ab91-047d7b506afe

Error: (08/24/2014 04:36:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fda1401cfbf75f8b3729dC:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\MSVCR100.dll17d7d50b-2b72-11e4-abf8-047d7b506afe

Error: (05/06/2014 07:56:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmdagent.exe7.0.55655.4142534ee613cmdurlflt.dll7.0.53315.41325331c96ac0000417001b105e39401cf6914bfbff403C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\Program Files\COMODO\COMODO Internet Security\cmdurlflt.dllcb491a5d-d51d-11e3-8f27-047d7b506afe

Error: (03/04/2014 03:41:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (02/15/2014 01:06:48 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1704. An installation for Microsoft .NET Framework 4 Extended is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/26/2013 00:27:38 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost2532C:\Users\Windows7\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/25/2013 07:49:21 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost3004C:\Users\Windows7\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/18/2013 07:23:46 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost2976C:\Users\Windows7\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/14/2013 08:36:56 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost1576C:\Users\Windows7\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.


CodeIntegrity Errors:
===================================
  Date: 2013-05-10 11:51:26.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Atom CPU N2800 @ 1.86GHz
Percentage of memory in use: 53%
Total physical RAM: 2036.3 MB
Available physical RAM: 941.5 MB
Total Pagefile: 6108.9 MB
Available Pagefile: 4749.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:65.97 GB) NTFS
Drive d: () (Fixed) (Total:197.99 GB) (Free:195.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 92128D69)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198 GB) - (Type=07 NTFS)

==================== End Of Log ============================


OK, please do this scan - but the scan only!

Scan with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.

Please include the contents of that file in your reply.
Do not click Clean unless told!


Cheers.

OK, ADW is showing - ''Pending. Please uncheck elements you don't want to remove''. So I think that means the scan is finished so I've copied the text file here;

# AdwCleaner v3.308 - Report created 25/08/2014 at 15:34:36
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Windows7 - WINDOWS7-PC0451
# Running from : C:\Users\Windows7\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Windows7\AppData\Local\apn

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\myvh82o2.default-1354460765415\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2234 octets] - [25/08/2014 15:34:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2294 octets] ##########

OK, let's run Clean now.


Fix with AdwCleaner

Please re-run AdwCleaner.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.


I ran the scan again and clicked clean and here is the report;

# AdwCleaner v3.308 - Report created 25/08/2014 at 16:11:05
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Windows7 - WINDOWS7-PC0451
# Running from : C:\Users\Windows7\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Windows7\AppData\Local\apn

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\myvh82o2.default-1354460765415\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2374 octets] - [25/08/2014 15:34:36]
AdwCleaner[R1].txt - [2434 octets] - [25/08/2014 16:08:28]
AdwCleaner[s0].txt - [2391 octets] - [25/08/2014 16:11:05]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2451 octets] ##########
 


Fine, thank you :)


Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Just posting the text file from JRT before I reboot and do another FRST scan (to follow).

Thanks.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Windows7 on Mon 08/25/2014 at 16:50:08.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B95F384F-95AF-421B-888C-62E2C1578DC7}
Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"



~~~ FireFox

Successfully deleted the following from C:\Users\Windows7\AppData\Roaming\mozilla\firefox\profiles\myvh82o2.default-1354460765415\prefs.js

user_pref("extensions.trusted-ads.TrustAd", "{\"r\":[{\"t\":\"FQDN\",\"r\":\"trustedads.adtrustmedia.com\",\"c\":[{\"i\":\"1\",\"s\":[\"display.clickpoint.com\",\"www.africawi
Emptied folder: C:\Users\Windows7\AppData\Roaming\mozilla\firefox\profiles\myvh82o2.default-1354460765415\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/25/2014 at 17:19:43.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


FRST scan with Addition scan below it.

Thanks.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 03
Ran by Windows7 (administrator) on WINDOWS7-PC0451 on 25-08-2014 17:41:03
Running from C:\Users\Windows7\Downloads
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\Comodo\launcher_service.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-26] (COMODO)
HKLM\...\Run: [tvncontrol] => "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave
HKLM\...\Run: [GfxServiceInstall] => C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2011-12-13] ()
HKU\S-1-5-21-1019755614-1115449502-2846687370-1000\...\Run: [Google Update] => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-26] (Google Inc.)
HKU\S-1-5-21-1019755614-1115449502-2846687370-1000\...\MountPoints2: {254a8ba5-6d27-11e1-88a1-806e6f6e6963} - E:\DistinguishOS.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3ACF29619115CD01
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 172.16.251.77
Tcpip\..\Interfaces\{069CFF82-4582-4A00-8B4B-8B1A96EEC289}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{20E49E18-726A-45BB-ADC3-0B0F9817C16A}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\myvh82o2.default-1354460765415
FF Homepage: https://encrypted.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: PrivDog - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\myvh82o2.default-1354460765415\Extensions\PrivDog@AdTrustMedia.com [2014-06-20]

Chrome:
=======
CHR HomePage: https://encrypted.google.com/
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Google Wallet) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-29]
CHR StartMenuInternet: Google Chrome - C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 CLPSLauncher; C:\Program Files\Common Files\Comodo\launcher_service.exe [70352 2012-11-01] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-17] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-26] (COMODO)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-03-14] (Macrovision Europe Ltd.) [File not signed]
S4 GeekBuddyRSP; C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe [1467088 2012-10-31] (Comodo Security Solutions, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BTOWSFF; C:\Windows\system32\Drivers\BTOWSFF.sys [26432 2012-12-18] (Toolwiz.com)
R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [49856 2012-12-18] (Toolwiz.com)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2012-12-04] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-17] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-17] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-17] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-17] (COMODO)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 17:19 - 2014-08-25 17:19 - 00001641 _____ () C:\Users\Windows7\Desktop\JRT.txt
2014-08-25 16:50 - 2014-08-25 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-08-25 16:48 - 2014-08-25 16:48 - 01016261 _____ (Thisisu) C:\Users\Windows7\Downloads\JRT.exe
2014-08-25 15:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-25 15:34 - 2014-08-25 16:11 - 00000000 ____D () C:\AdwCleaner
2014-08-25 15:30 - 2014-08-25 15:31 - 01364531 _____ () C:\Users\Windows7\Downloads\AdwCleaner.exe
2014-08-25 14:54 - 2014-08-25 15:04 - 00033702 _____ () C:\Users\Windows7\Downloads\Addition.txt
2014-08-25 14:52 - 2014-08-25 17:41 - 00009242 _____ () C:\Users\Windows7\Downloads\FRST.txt
2014-08-25 14:50 - 2014-08-25 17:41 - 00000000 ____D () C:\FRST
2014-08-25 14:48 - 2014-08-25 14:48 - 01095168 _____ (Farbar) C:\Users\Windows7\Downloads\FRST.exe
2014-08-25 12:10 - 2014-05-14 23:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 12:10 - 2014-05-14 23:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 12:10 - 2014-05-14 23:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 12:10 - 2014-05-14 23:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 12:09 - 2014-05-14 23:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-25 12:09 - 2014-05-14 23:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-25 12:09 - 2014-05-14 23:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-25 12:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 12:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-24 15:32 - 2014-08-25 13:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 15:32 - 2014-08-24 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 15:31 - 2014-08-24 15:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 15:31 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 15:31 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 20:05 - 2014-07-01 05:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 20:05 - 2014-03-10 04:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 20:04 - 2014-06-06 13:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 20:04 - 2014-03-10 04:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 20:20 - 2014-07-14 08:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 20:20 - 2014-06-16 08:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 20:20 - 2014-06-16 08:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-13 20:20 - 2014-06-16 08:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 20:19 - 2014-08-01 06:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 20:19 - 2014-07-25 20:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 20:19 - 2014-07-25 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 20:19 - 2014-07-25 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 20:19 - 2014-07-25 19:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 20:19 - 2014-07-25 19:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 20:19 - 2014-07-25 19:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 20:19 - 2014-07-25 19:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 20:19 - 2014-07-25 19:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 20:19 - 2014-07-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 20:19 - 2014-07-25 19:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 20:19 - 2014-07-25 19:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 20:19 - 2014-07-25 19:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 20:19 - 2014-07-25 19:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 20:19 - 2014-07-25 19:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 20:19 - 2014-07-25 19:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 20:19 - 2014-07-25 18:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 20:19 - 2014-07-25 18:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 20:19 - 2014-07-25 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 20:19 - 2014-07-25 18:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 20:19 - 2014-07-25 18:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 20:19 - 2014-07-25 18:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 20:19 - 2014-07-25 18:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 20:19 - 2014-07-25 18:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 20:19 - 2014-07-25 18:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 20:19 - 2014-07-25 18:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 20:19 - 2014-07-25 18:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 20:19 - 2014-07-25 17:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 20:19 - 2014-07-25 17:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 20:19 - 2014-07-25 17:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 20:16 - 2014-07-16 09:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 20:16 - 2014-07-16 09:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 20:16 - 2014-07-16 08:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 20:16 - 2014-06-03 16:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 20:16 - 2014-06-03 16:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 20:16 - 2014-06-03 16:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 20:16 - 2014-06-03 16:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 20:14 - 2014-07-09 08:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 20:14 - 2014-07-09 05:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 20:14 - 2014-06-25 08:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 17:41 - 2014-08-25 14:52 - 00009242 _____ () C:\Users\Windows7\Downloads\FRST.txt
2014-08-25 17:41 - 2014-08-25 14:50 - 00000000 ____D () C:\FRST
2014-08-25 17:40 - 2009-07-14 11:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 17:40 - 2009-07-14 11:34 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 17:37 - 2012-04-09 14:56 - 01992579 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 17:34 - 2012-04-26 13:04 - 00121903 _____ () C:\Windows\setupact.log
2014-08-25 17:34 - 2009-07-14 11:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 17:33 - 2012-12-19 21:11 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-08-25 17:26 - 2012-06-26 00:09 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000UA.job
2014-08-25 17:19 - 2014-08-25 17:19 - 00001641 _____ () C:\Users\Windows7\Desktop\JRT.txt
2014-08-25 16:50 - 2014-08-25 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-08-25 16:48 - 2014-08-25 16:48 - 01016261 _____ (Thisisu) C:\Users\Windows7\Downloads\JRT.exe
2014-08-25 16:14 - 2012-04-18 01:35 - 01753408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 16:13 - 2012-06-05 19:12 - 00078440 _____ () C:\Windows\PFRO.log
2014-08-25 16:11 - 2014-08-25 15:34 - 00000000 ____D () C:\AdwCleaner
2014-08-25 15:31 - 2014-08-25 15:30 - 01364531 _____ () C:\Users\Windows7\Downloads\AdwCleaner.exe
2014-08-25 15:04 - 2014-08-25 14:54 - 00033702 _____ () C:\Users\Windows7\Downloads\Addition.txt
2014-08-25 14:48 - 2014-08-25 14:48 - 01095168 _____ (Farbar) C:\Users\Windows7\Downloads\FRST.exe
2014-08-25 13:26 - 2012-06-26 00:09 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000Core.job
2014-08-25 13:12 - 2014-08-24 15:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 16:39 - 2012-12-18 18:31 - 00000000 ___HD () C:\Toolwiz
2014-08-24 15:32 - 2014-08-24 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 15:32 - 2014-08-24 15:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 15:32 - 2012-05-06 23:53 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 15:32 - 2012-05-06 23:53 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Malwarebytes
2014-08-24 15:31 - 2012-05-06 23:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 15:31 - 2012-05-06 23:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-17 22:35 - 2012-06-26 00:16 - 00002390 _____ () C:\Users\Windows7\Desktop\Google Chrome.lnk
2014-08-17 22:06 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 20:20 - 2012-03-14 07:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 20:18 - 2013-08-23 10:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 20:11 - 2009-10-14 16:57 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-03 12:04 - 2012-03-14 07:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-01 06:16 - 2014-08-13 20:19 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-29 12:26 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-26 21:01 - 2012-11-29 22:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 16:06 - 2012-11-29 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Windows7\AppData\Local\Temp\GUR6F74.exe
C:\Users\Windows7\AppData\Local\Temp\GUR7177.exe
C:\Users\Windows7\AppData\Local\Temp\GUR7290.exe
C:\Users\Windows7\AppData\Local\Temp\install_flashplayer14x32au_mssd_aaa_aih.exe
C:\Users\Windows7\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih.exe
C:\Users\Windows7\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-21 23:00

==================== End Of Log ============================

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-08-2014 03
Ran by Windows7 at 2014-08-25 17:42:33
Running from C:\Users\Windows7\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Belarc Advisor 8.3 (HKLM\...\Belarc Advisor) (Version: 8.3.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
COMODO Internet Security (HKLM\...\{0E9AFD45-C3BA-41D1-B54B-495A22CB3409}) (Version: 6.0.64131.2674 - COMODO Security Solutions Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
GeekBuddy (HKLM\...\{E21161DD-05A2-42ED-A0EC-9C1393F51A64}) (Version: 4.2.39 - Comodo Security Solutions Inc)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
IncredibleCharts Pro (HKLM\...\{134959C1-E63F-11D5-87EF-444553540000}_is1) (Version:  - Vizhon Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1075 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 8.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
Launch Manager (HKLM\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6374 - Realtek Semiconductor Corp.)
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
System Requirements Lab for Intel (HKLM\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
Toolwiz TimeFreeze (HKLM\...\Toolwiz TimeFreeze) (Version: 1.9.5.0 - Toolwiz  TimeFreeze Installer)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{7F902AD4-FC6A-4B2F-8B8D-B6DD4E329B76}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAB~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:04 - 2009-06-11 04:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00DC7E16-89B5-4245-9B3C-6C8BFD9704F0} - System32\Tasks\{FD68C697-2D0B-4B1B-B90C-57A604C43B3B} => C:\Program Files\IncredibleCharts\IncredibleCharts.exe [2013-02-12] (Vizhon Corporation)
Task: {0387B9D1-4E60-4643-91BE-005386E45D04} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {095DE48F-38F7-434B-8BFB-AECF9580BB5A} - System32\Tasks\{BDDCD7BA-A5CE-4631-9CF1-5ABAAFE1EF0A} => Chrome.exe
Task: {0976758C-BA74-4A39-8C94-43BDF43F78C9} - System32\Tasks\{196824D3-2774-489E-9CDA-A8776FED4F57} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe
Task: {377BF363-EDEF-4F60-A1E5-418668CB39AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000UA => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {3AED34C0-BAA0-4756-B52F-1FDD8922BBEF} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {3D162033-352F-4F51-9629-946D9F6F2278} - System32\Tasks\{02564FEB-EF2F-4A1F-AC7B-1BE691A9D7BC} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {48EAD3B8-50FA-495E-9686-486CBD891161} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1019755614-1115449502-2846687370-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {582D04C5-CDE0-4F59-B70B-4A30EF176035} - System32\Tasks\{7C8D1434-9E9D-49D5-A17B-8AB9CB2FAF24} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe
Task: {7B8B5B16-772B-4B01-9C03-D8442BC2C828} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000Core => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.)
Task: {7D5F454B-F1AA-41F4-850E-4F226CC03EC2} - System32\Tasks\{AAAF41DC-AB2B-4569-9118-08E94B73BD40} => C:\Users\Windows7\Downloads\chromeinstall-6u31.exe
Task: {898EB11A-A09D-4F46-8C8F-C3DF97A7B81C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-19] (Adobe Systems Incorporated)
Task: {95E4C016-0E35-450C-BBD2-0C7C32AE7AFF} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {9C0AF01A-7B65-44C0-9563-E45B5E5128CF} - System32\Tasks\{30069AE9-1E89-4A1F-93DA-0CE78FCB7233} => C:\Program Files\Comodo\COMODO Internet Security\virtkiosk.exe [2014-03-26] (COMODO)
Task: {A8AADD31-41C7-47DA-B30A-1007826EBC64} - System32\Tasks\{0EA6EEA9-4464-4AB3-B4CD-4FAF9CC119E2} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {B9BA3E9C-5954-46D8-A373-ED58D6E7BE8D} - System32\Tasks\{9F56BFF6-D0F1-459D-9779-C5058C852F94} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {C09229A0-CFB6-4001-895B-421E86799355} - System32\Tasks\{83A23A5C-F9E5-41AF-A2C0-DCFA00FD1AC7} => Chrome.exe
Task: {C5A8F035-1000-4879-8221-BA38667C7017} - System32\Tasks\{70EAC6C4-59D4-4F6D-8F4E-1DF4189D7A93} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-26] (COMODO)
Task: {E74166DF-5B13-4C42-9E25-892765ED0361} - System32\Tasks\{F61B268C-4825-4742-A897-480626F3DE01} => C:\Program Files\Webcam Surveyor\WebcamSurveyor.exe
Task: {F70655EE-809E-457E-B3C0-48E7434BFCCF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1019755614-1115449502-2846687370-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F73A1D73-80E4-4F3D-99AD-489C12A21289} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000Core.job => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019755614-1115449502-2846687370-1000UA.job => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-21 17:22 - 2014-05-21 17:22 - 02135232 _____ () C:\Program Files\Comodo\Dragon\dragon_updater.exe
2012-12-14 20:46 - 2013-04-16 00:39 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-04-15 14:53 - 2014-08-03 12:04 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-17 21:34 - 2014-08-17 21:34 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\97d6b17ed342f72bdf559a51f37ca929\IsdiInterop.ni.dll
2012-03-13 08:25 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5547042D
AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
AlternateDataStreams: C:\ProgramData\TEMP:ADE16379
AlternateDataStreams: C:\ProgramData\TEMP:B881EAB4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: GfxServiceInstall => C:\Windows\system32\GfxCUIServiceInstall.vbs
MSCONFIG\startupreg: Google Update => "C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PrivDogService => "C:\Program Files\AdTrustMedia\PrivDog\1.7.0.12\trustedadssvc.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Toolwiz TimeFreeze => "C:\Program Files\Toolwiz TimeFreeze\ToolwizTimeFreezeGUI.exe" -autorun

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 05:40:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 24.8.2014.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5e4

Start Time: 01cfc050b6a7297a

Termination Time: 15

Application Path: C:\Users\Windows7\Downloads\FRST.exe

Report Id: 2c6a20d0-2c44-11e4-9c81-047d7b506afe


System errors:
=============
Error: (08/25/2014 05:34:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
SBRE


Microsoft Office Sessions:
=========================
Error: (08/25/2014 05:40:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe24.8.2014.35e401cfc050b6a7297a15C:\Users\Windows7\Downloads\FRST.exe2c6a20d0-2c44-11e4-9c81-047d7b506afe


CodeIntegrity Errors:
===================================
  Date: 2013-05-10 11:51:26.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Atom CPU N2800 @ 1.86GHz
Percentage of memory in use: 51%
Total physical RAM: 2036.3 MB
Available physical RAM: 983.45 MB
Total Pagefile: 6108.9 MB
Available Pagefile: 4892.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:66.05 GB) NTFS
Drive d: () (Fixed) (Total:197.99 GB) (Free:195.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 92128D69)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Scan with VirusTotal

Please go to VirusTotal.

  • Click Choose File and locate the following file:

    C:\Windows\system32\Drivers\sfi.dat  
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.

Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.

Link to post
Share on other sites

I'm mostly concerned about my passwords and sensitive info on a couple of sites.

Is it a serious infection or mild, or has it now been removed?

It is not an infection. It is a program that is considered undesirable or unwanted and far from calling it an infection. Most of these are just apps that are bundled with other installers. In my closing speech there will be a tool provided that should protect you from most of these, however you should always stay focused when installing any new software (especially when downloading not from the official vendor's site).

Your passwords should be perfectly safe, but I will ask you to do some more scans to be sure if there isn't anything more lurking here :)

Fix with Farbar Recovery Scan Tool

 

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    start
    HKU\S-1-5-21-1019755614-1115449502-2846687370-1000\...\MountPoints2: {254a8ba5-6d27-11e1-88a1-806e6f6e6963} - E:\DistinguishOS.exe
    FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{7F902AD4-FC6A-4B2F-8B8D-B6DD4E329B76}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\Windows7\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAB~1.DLL No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1019755614-1115449502-2846687370-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    Hosts:
    Task: C:\Windows\Tasks\AutoKMS.job => ?
    AlternateDataStreams: C:\ProgramData\TEMP:5547042D
    AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
    AlternateDataStreams: C:\ProgramData\TEMP:ADE16379
    AlternateDataStreams: C:\ProgramData\TEMP:B881EAB4
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.

Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the aswMBR icon and select Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click No.
  • Select Scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!

A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile and paste it into your next reply.

Do not forget to re-enable your previously switched-off protection software

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.

Link to post
Share on other sites

Naathim,

 

With the FRST tool will it delete all those items in notepad including these ;

 

Hosts:
Task: C:\Windows\Tasks\AutoKMS.job => ?
AlternateDataStreams: C:\ProgramData\TEMP:5547042D
AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
AlternateDataStreams: C:\ProgramData\TEMP:ADE16379
AlternateDataStreams: C:\ProgramData\TEMP:B881EAB4
EmptyTemp:
end

Link to post
Share on other sites

Aaah, I suppose you'd like to hear a little explanation :)
 
 
Hosts:
 

That command will reset your Hosts file to a fresh version, as yours is quite old (2009) and outdated.

 

Task: C:\Windows\Tasks\AutoKMS.job => ?
 

This is only a task file which is orphaned - leads to nowhere. I've added this one to tidy up.


AlternateDataStreams: C:\ProgramData\TEMP:5547042D
AlternateDataStreams: C:\ProgramData\TEMP:A1D3FEF0
AlternateDataStreams: C:\ProgramData\TEMP:ADE16379
AlternateDataStreams: C:\ProgramData\TEMP:B881EAB4
 

These are alternate data streams. You can read about them here. They do not seem legit and I am removing them because they may hide really anything. Also they are attached to temporary locations, which causes me to suspect them.

 

EmptyTemp:
 

This command simply empties the temporary files to keep your machine tidy.

 

 

I am not here to mess with anything important to your machine, I am here to clean it :)

Link to post
Share on other sites
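The selection behind the fixlist explained above can be reproduced as a log triage step. This is an added example, not part of the original thread and not FRST's own code: it parses the `==== Section ====` layout of the log and lists the same three kinds of entry (CLSID entries marked "No File", tasks whose target is "?", alternate data streams) for a helper to review. The sample log is constructed, with placeholder SID, GUIDs and paths, and the names `parse_sections` and `triage` are hypothetical.

```python
import re

# Constructed sample in the layout of the log posted above (placeholder SID, GUIDs, paths).
SAMPLE_LOG = r"""
==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{11111111-1111-1111-1111-111111111111}\localserver32 -> C:\Users\demo\AppData\Local\Vendor\Update\Updater.exe (Vendor Inc.)
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32 -> C:\Users\demo\AppData\Local\Vendor\Update\1.0.0.1\helper.dll No File
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{33333333-3333-3333-3333-333333333333}\InprocServer32 -> C:\Users\demo\AppData\Local\TOOLBA~1\PLUGIN~1.DLL No File

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Vendor Updater.job => C:\Program Files\Vendor\Updater.exe
Task: C:\Windows\Tasks\Orphan.job => ?

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0A1B2C3D
AlternateDataStreams: C:\Users\demo\Documents\notes.txt:4E5F6A7B

==================== End Of Log ============================
"""

# A header is a run of '=', a name without '=', and another run of '='.
# Pure '=====' underline rows (as under "Application errors:") do not match.
HEADER = re.compile(r"^={5,}\s*([^=]+?)\s*={5,}$")
TEMP_NAMES = {"temp", "tmp"}


def parse_sections(text):
    """Map each section name to its entry lines, skipping blanks and
    the tool's parenthesised hint lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            # "Custom CLSID (selected items):" -> "Custom CLSID"
            name = re.sub(r"\s*\(.*?\)", "", match.group(1))
            current = name.rstrip(": ").strip()
            sections[current] = []
        elif current and line and not (line.startswith("(") and line.endswith(")")):
            sections[current].append(line)
    return sections


def triage(text):
    """Return (section, reason, entry) tuples worth a manual look."""
    sections = parse_sections(text)
    findings = []
    for entry in sections.get("Custom CLSID", []):
        # The log marks a registered server whose binary is absent with "No File".
        if entry.endswith("No File"):
            findings.append(("Custom CLSID", "registered server file is missing", entry))
    for entry in sections.get("Scheduled Tasks", []):
        # "=> ?" is the orphaned-task case described in the thread.
        if entry.partition("=>")[2].strip() == "?":
            findings.append(("Scheduled Tasks", "task has no resolvable target", entry))
    for entry in sections.get("Alternate Data Streams", []):
        # "AlternateDataStreams: <host path>:<stream name>"
        host, _, _stream = entry.partition(":")[2].strip().rpartition(":")
        leaf = host.rstrip("\\").rsplit("\\", 1)[-1].lower()
        if leaf in TEMP_NAMES:
            reason = "named stream on a temp location"
        else:
            reason = "named stream, check the host file"
        findings.append(("Alternate Data Streams", reason, entry))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {entry}")
```

The output is a review list only; which entries go into a fixlist remains a per-machine decision, as the thread states.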

Thank you sir!

 

I appreciate all your help, it's just to a dummy like me that code looks a bit scary.

 

As an example of that, I don't fully understand what I need to do for this bit:

 

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

 

 

Also, I've closed the FRST software. Should I open it again and run the scan and then ''Fix it''?

 

Sorry about the dumb questions.

Link to post
Share on other sites

Thank you sir!

I appreciate all your help, it's just to a dummy like me that code looks a bit scary.

Call me Naat, no sir. I'm just a folk here, like many others :)

 

As an example of that, I don't fully understand what I need to do for this bit:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

FRST needs to be instructed what to remove - that's why we're preparing a file called fixlist prior to running a fix. That file contains specific instructions. What I meant is that the FRST software needs to be in the same location, preferably your desktop. It should look like here:

[Image: FRST&Fixlist.png]

 

Also, I've closed the FRST software. Should I open it again and run the scan and then ''Fix it''?

 

No. Please read my instructions with more focus and be more thorough. I said:

 

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

 

 

 

 

Sorry about the dumb questions.

 

There are no silly questions here :)

Link to post
Share on other sites
