I have contracted the "Department of Justice" version of the Ukash trojan. I am using Win 7 64-bit. I get the popup even in safe mode with networking, so I could not use any online scanners. I tried using a Kaspersky rescue disc, but it said the database was corrupted and would not run. I cannot see any .lnk files.

 

I ran FRST64 in safe mode. I got the popup while it was scanning but I waited until I thought it was done and then shut down. The two logs it created are below (FRST.txt and Addition.txt).

 

I greatly appreciate any help. I am at a loss.

 

Thank you!

Alan

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Alan (administrator) on ALANS_COMPUTER on 18-10-2014 01:59:54
Running from e:\
Loaded Profile: Alan (Available profiles: Alan & ntp)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7144960 2013-08-02] (Broadcom Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [151552 2013-06-29] (IvoSoft)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [AVP] => F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [PowerDVD13Agent] => F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe [517144 2014-03-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => F:\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Dimension4] => F:\Program Files\Dimension 4\D4.exe
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => F:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] => F:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3833325554-700451505-2708980065-1000\...\Run: [DriverMax_RESTART] => F:\Program Files\Innovative Solutions\DriverMax\drivermax.exe [7328632 2013-10-28] (Innovative Solutions)
HKU\S-1-5-21-3833325554-700451505-2708980065-1000\...\Run: [AnyDVD] => F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-10-01] (SlySoft, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/advanced_search
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Program Files\Java\jre7\bin\ssv.dll No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default
FF Homepage: hxxp://www.google.com/advanced_search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> F:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> F:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: EPUBReader - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-23]
FF Extension: Anti-Porn Pro - The Best Anti-Porn Addon! - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\azhang@cloudacl.com.xpi [2014-07-02]
FF Extension: Classic Theme Restorer - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-02]
FF Extension: Classic Toolbar Buttons - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2014-05-02]
FF Extension: Ghostery - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\firefox@ghostery.com.xpi [2013-08-17]
FF Extension: Qute 5++ - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\Qute5pp@magicp.jp.xpi [2014-06-29]
FF Extension: Simple White - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\Simple@White.Theme.xpi [2014-06-29]
FF Extension: Status-4-Evar - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\status4evar@caligonstudios.com.xpi [2013-08-14]
FF Extension: Tangofox about:home - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\tangofox-abouthome@haven667.xpi [2014-08-02]
FF Extension: Tangofox PDF.js - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\tangofox-pdf.js@haven667.xpi [2014-08-02]
FF Extension: Tangofox - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\Tangofox@haven667.xpi [2014-06-29]
FF Extension: Troubleshooter - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\troubleshooter@mozilla.org.xpi [2014-05-02]
FF Extension: LittleFox - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi [2014-06-29]
FF Extension: Stylish - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-05-03]
FF Extension: oldbar - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi [2014-05-03]
FF Extension: New Tab Homepage - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-05-03]
FF Extension: Switch to Tab no more - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{7edcdfc0-3056-11e0-91fa-0800200c9a66}.xpi [2014-03-03]
FF Extension: Adblock Plus - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-14]
FF Extension: Tab Mix Plus - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-14]
FF Extension: Firefox 2, the theme, reloaded - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi [2013-08-14]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\url_advisor@kaspersky.com [2013-08-04]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\virtual_keyboard@kaspersky.com [2013-08-04]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\content_blocker@kaspersky.com [2013-08-04]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\anti_banner@kaspersky.com [2013-08-04]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\online_banking@kaspersky.com [2013-08-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\ChromeExt\urladvisor.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\ChromeExt\online_banking_chrome.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\ChromeExt\content_blocker_chrome.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\ChromeExt\virtkbd.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\ChromeExt\ab.crx [2013-05-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
S2 AVP; F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S2 CyberLink PowerDVD 13 Media Server Monitor Service; F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2014-03-26] (CyberLink)
S2 CyberLink PowerDVD 13 Media Server Service; F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2014-03-26] (CyberLink)
S2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S2 FoxitCloudUpdateService; F:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 NTP; F:\Program Files\NTP\bin\ntpd.exe [573840 2012-08-15] ()
S2 ppped; F:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [1013696 2012-03-27] (Cyber Power Systems, Inc.)
S2 ScsiAccess; F:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe [181312 2013-08-04] () [File not signed]
S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5834752 2013-08-02] (Broadcom Corporation) [File not signed]
S2 Dimension4; F:\Program Files\Dimension 4\D4.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-20] (Broadcom Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-08-04] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-02] (Kaspersky Lab ZAO)
S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-18] ()
U5 UnlockerDriver5; F:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\Common\NavFilter\000.fcl [32456 2014-03-26] (CyberLink Corp.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 05:48 - 2014-10-18 02:00 - 00000000 ____D () C:\FRST
2014-10-18 01:32 - 2014-10-18 01:32 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-18 01:32 - 2014-10-18 01:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-18 01:23 - 2014-10-18 01:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-17 23:24 - 2014-10-17 23:24 - 00000000 ____D () C:\ProgramData\F-Secure
2014-10-17 19:47 - 2014-10-17 19:47 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-10-17 16:19 - 2014-10-17 16:19 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\21769
2014-10-16 19:14 - 2014-10-16 19:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-30 18:03 - 2014-09-30 18:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\17B81A7D.sys
2014-09-30 17:35 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 17:35 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 23:30 - 2014-09-26 23:30 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\13841
2014-09-26 23:28 - 2014-09-26 23:28 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\13452
2014-09-24 19:38 - 2014-10-17 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 18:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-24 18:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-24 18:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-24 18:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-24 18:10 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-24 18:10 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-24 18:10 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-24 18:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-24 18:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-24 18:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-24 18:10 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-24 18:10 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-23 16:06 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 16:06 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-20 21:12 - 2014-09-20 21:12 - 00000000 ____D () C:\Users\Public\Foxit Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 01:34 - 2009-07-14 01:13 - 00782110 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-18 01:29 - 2014-04-10 18:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 01:29 - 2013-08-02 20:37 - 01298432 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 01:29 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 01:29 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 01:25 - 2013-08-04 15:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-18 01:24 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 01:24 - 2009-07-14 00:51 - 00067152 _____ () C:\Windows\setupact.log
2014-10-17 23:15 - 2013-09-08 12:19 - 00000000 ____D () C:\Users\ntp
2014-10-17 23:14 - 2014-08-09 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 23:14 - 2013-08-14 17:01 - 00000000 ____D () C:\Users\Alan\AppData\Local\Cyberlink SoftDMA
2014-10-17 23:14 - 2013-08-04 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-17 23:14 - 2013-08-02 20:37 - 00000000 ____D () C:\Users\Alan
2014-10-17 23:14 - 2011-04-12 04:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-17 23:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-17 23:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-17 23:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-17 23:13 - 2013-08-26 19:36 - 00000000 __RHD () C:\MSOCache
2014-10-17 23:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-10-17 21:22 - 2013-08-17 13:58 - 00000000 ____D () C:\Users\Alan\AppData\Local\QuickPar
2014-10-16 19:14 - 2013-09-10 21:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-04 09:36 - 2009-07-14 01:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-26 15:54 - 2009-07-14 00:45 - 00445400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-25 17:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Alan\AppData\Local\Temp\AskSLib.dll
C:\Users\Alan\AppData\Local\Temp\Checkupdate.exe
C:\Users\Alan\AppData\Local\Temp\COMAP.EXE
C:\Users\Alan\AppData\Local\Temp\DivXSetup.exe
C:\Users\Alan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Alan\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Alan\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Alan\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Alan\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Alan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Alan\AppData\Local\Temp\mpegc.dll
C:\Users\Alan\AppData\Local\Temp\nsbB49.tmp.exe
C:\Users\Alan\AppData\Local\Temp\nso4B26.tmp.exe
C:\Users\Alan\AppData\Local\Temp\ose00000.exe
C:\Users\Alan\AppData\Local\Temp\safeguard.exe
C:\Users\Alan\AppData\Local\Temp\tmp2589.exe
C:\Users\Alan\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Alan\AppData\Local\Temp\_isA581.exe
C:\Users\Alan\AppData\Local\Temp\_isC985.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll
[2010-11-20 23:24] - [2014-03-04 05:16] - 0867840 ____A (Microsoft Corporation) 5CAEE8D557275CF5B5DC75ABC625114B

C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Alan at 2014-10-18 02:00:15
Running from e:\
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Agent Ransack x64 (HKLM\...\{58C0AC50-8FA1-4A95-AEC6-5B2727E5CC6A}) (Version: 7.0.820.1 - Mythicsoft Ltd)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.2.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Beyond Compare Version 2.5 (HKLM-x32\...\BC2_is1) (Version:  - Scooter Software)
BluFab 9.1.3.5 (17/03/2014) (HKLM-x32\...\BluFab 9_is1) (Version:  - BluFab Software Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.3200 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.196.16 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
CoffeeCup HTML Editor (HKLM-x32\...\CoffeeCup HTML Editor) (Version:  - )
CompuPic Pro (HKLM-x32\...\CompuPic Pro) (Version:  - )
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.4131_47226 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (x32 Version: 6.7.4131_47226 - CyberLink Corp.) Hidden
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.3919.58 - CyberLink Corp.)
CyberLink PowerDVD 13 (x32 Version: 13.0.3919.58 - CyberLink Corp.) Hidden
CyberPower PowerPanel Personal Edition 1.3.3 (HKLM-x32\...\{972F23F4-F293-4074-853D-125A59EB356D}) (Version: 1.3.3 - Cyber Power Systems, Inc.)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 3 - Illustrate)
dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version: Release 14 (FLAC 1.2.1) - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13 - Illustrate)
dBpoweramp Ogg Vorbis aoTuV Encoder (HKLM-x32\...\dBpoweramp Ogg Vorbis aoTuV Encoder) (Version: R6 aoTuV b6.03 - Illustrate)
dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version: Release 22 (Vorbis v1.3.3) - Illustrate)
dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 7 - Illustrate)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9719DFA1-7CB0-422E-98AE-C77FD3426BE8}) (Version:  - Microsoft)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.21.0.141 - Innovative Solutions)
DVDFab 9.1.6.8 (13/09/2014) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Forté Agent (HKLM-x32\...\Forte Agent) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.3.815 - Foxit Corporation)
GrabIt 1.7.2 Beta 6 (build 1008) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Intel® Network Connections 17.3.63.0 (Version: 17.3.63.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Ipswitch WS_FTP Pro (HKLM-x32\...\WS_FTP Pro) (Version:  - )
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 10.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Network Time Protocol (HKLM-x32\...\NTP) (Version: 4.2.6p5@london-o-lpv - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3BE27413-9FFE-4AB1-9013-344E111E718F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3200 - Broadcom Corporation)
WinHTTrack Website Copier 3.47-27 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

01-10-2014 23:53:59 Windows Update
09-10-2014 22:35:39 Scheduled Checkpoint
16-10-2014 23:13:43 Installed Java 7 Update 71

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-24 16:26 - 2014-09-21 14:53 - 01766795 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0760E4EF-AE49-434D-8F00-670EC8DFF085} - System32\Tasks\{D0DDE195-AFFB-4398-A698-F3F9060C5CB9} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {10A07D98-F02D-4FE0-AD1C-38CBBCDAEAE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {1A27480A-1F8A-4D8C-8AFE-4919170E22AC} - System32\Tasks\{2F2BBA6A-1E04-44D3-A373-418854F769E0} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {2DF4A695-E829-4335-9E4F-5E67BF98234E} - System32\Tasks\DeviceDetector => F:\Program Files\CyberLink\MediaEspresso\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-05-31] (CyberLink)
Task: {3F8A452E-99BF-49DF-85B8-BCE1BADBD583} - System32\Tasks\{837E4EDA-0168-4EBE-86E5-92B2403B2877} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {401D238C-503F-4443-AF79-60D8C731516D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {42CC65D5-5027-40D5-9A02-461608D40369} - System32\Tasks\{1FF45E89-BCF0-41C1-BB00-95E7A6B64334} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {4ABDC547-9D06-444F-B036-32C86999FE46} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6F499B2C-21B4-44BF-B557-CA662F307A4C} - System32\Tasks\{7302546D-CD6D-46AD-9AA4-725FC1D375BC} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {85AA7A6A-666F-4263-85E6-B336828285A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {88592EB0-27EC-47CF-8663-8E82FB6A8CF4} - System32\Tasks\{CB29CC7E-58CB-41BC-8FD8-1AC557F43C39} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {D41236AD-6D4D-48D4-8BBC-71171C4C8857} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D8483B64-38FD-4CE2-A013-40B085C4A434} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {DAC24191-65EE-4996-90BB-CB6EE70403A9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E0DB64AB-21B7-41A8-9950-371D9024A1CF} - System32\Tasks\{839C466A-7428-46BC-8BE9-B36F7EB4E934} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {E6760A14-E266-4166-AB53-74900ADF173E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

 


Hello mailalan, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the button at the top of the page.
     

======================================================
 
Rather than work in Safe Mode, we can enter the Recovery Environment where the malware cannot load. 
 
Note: You require access to a clean PC and USB drive
 
STEP 1
Panda USB Vaccine

  • Using a clean PC, please download Panda USB Vaccine and save the file to your Desktop.
  • Double-click USBVaccineSetup.exe to install the programme.
  • Read and accept the license agreement, then click Next.
  • Upon completion of the setup, ensure Launch Panda USB Vaccine is checked and click Finish.
  • Click the Vaccinate Computer button. It should now show a green checkmark and confirm Computer vaccinated
  • Hold down the Shift key on your keyboard and insert your USB flash/external drive.
  • When the name of the drive appears in the Panda USB Vaccine dialog box, click the Vaccinate USB drive(s) button.
  • Exit the programme when done.

-- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
 
 
STEP 2
FRST Recovery Environment Scan


Note: Please print off these instructions, or ensure you have access to them using a different device.

  • Insert your USB drive into your clean PC.
  • Please download Farbar Recovery Scan Tool (x64) to your USB drive using your clean PC.
  • Insert the USB drive into the infected PC
  • Enter the Recovery Environment by choosing one of the options below. 
     

Option #1: Enter Recovery Environment (Windows 7/Vista)

  • Restart the infected computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select your keyboard language settings, and then click Next.
  • Select the operating system you wish to repair, and then click Next.
  • Select your user account, and then click Next.
     

Option #2: Enter Recovery Environment (Windows Installation Disc)

  • Insert your Windows installation disc.
  • Restart your computer.
  • Configure your infected PC to boot from CD/DVD. Instructions on how to do this can be found here.
  • If prompted, press any key to start Windows from the installation disc.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the Operating System you want to repair, and then click Next.
  • Select your user account, and then click Next.
     

Advanced Boot Options Menu

  • Select Command Prompt.
  • In the command window type notepad and press Enter on your keyboard.
  • Notepad will open. Click File followed by Open
  • Click Computer, write down your USB drive letter on a piece of paper and close Notepad.
  • Type: x:\frst64.exe in the command window. 
    • Note: Replace letter x with the drive letter of your USB drive you wrote down earlier.
  • Press Enter on your keyboard. The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Click Scan.
  • A log (FRST.txt) will be saved to your USB drive. Proceed with STEP 3 before exiting FRST and the Recovery Environment.
     

STEP 3
Farbar Recovery Scan Tool (FRST) Search

  • Return to FRST. Type the following text into the Search: textbox:
    User32.dll
  • Click on the Search File(s) button.
  • Upon completion, a log (Search.txt) will be saved to your USB drive.
  • Remove your USB drive and insert into your clean PC
  • Using your clean PC, open Windows Explorer and navigate to your USB drive. Copy the contents of both FRST.txt and Search.txt and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Search.txt

Hi Adam, Thank you very much for your help! My name is Alan. I have followed your instructions and pasted the logs below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by SYSTEM on MININT-32N177H on 18-10-2014 08:39:43
Running from g:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-05] (Realtek Semiconductor)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7144960 2013-08-02] (Broadcom Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [151552 2013-06-29] (IvoSoft)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [AVP] => "F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\avp.exe"
HKLM-x32\...\Run: [PowerDVD13Agent] => "F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => "F:\iTunes\iTunesHelper.exe"
HKLM-x32\...\Run: [Dimension4] => F:\Program Files\Dimension 4\D4.exe
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => F:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] => "F:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\Alan\...\Run: [DriverMax_RESTART] => "F:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
HKU\Alan\...\Run: [AnyDVD] => "F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
S2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5834752 2013-08-02] (Broadcom Corporation)
S2 AVP; "F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\avp.exe" -r [X]
S2 CyberLink PowerDVD 13 Media Server Monitor Service; "F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe" [X]
S2 CyberLink PowerDVD 13 Media Server Service; "F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe" [X]
S2 Dimension4; F:\Program Files\Dimension 4\D4.exe [X]
S2 FoxitCloudUpdateService; F:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [X]
S2 MBAMScheduler; "F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [X]
S2 NTP; F:\Program Files\NTP\bin\ntpd.exe -U 3 -M -g -c "F:\Program Files\NTP\etc\ntp.conf"
S2 ppped; "F:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe" [X]
S2 ScsiAccess; F:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-02] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-20] (Broadcom Corporation.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-08-04] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-02] (Kaspersky Lab ZAO)
S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-17] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; \??\F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\Common\NavFilter\000.fcl [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 01:48 - 2014-10-17 22:00 - 00000000 ____D () C:\FRST
2014-10-17 21:32 - 2014-10-17 21:32 - 00037624 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-10-17 21:32 - 2014-10-17 21:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-17 21:23 - 2014-10-17 21:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-17 19:24 - 2014-10-17 19:24 - 00000000 ____D () C:\ProgramData\F-Secure
2014-10-17 17:30 - 2014-10-17 18:10 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-10-17 15:47 - 2014-10-17 15:47 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-10-17 12:19 - 2014-10-17 12:19 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\21769
2014-10-16 15:14 - 2014-10-16 15:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-30 14:03 - 2014-09-30 14:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\17B81A7D.sys
2014-09-30 13:35 - 2014-09-24 18:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2014-09-30 13:35 - 2014-09-24 17:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 19:30 - 2014-09-26 19:30 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\13841
2014-09-26 19:28 - 2014-09-26 19:28 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\13452
2014-09-24 15:38 - 2014-10-17 19:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 14:10 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDYAK.DLL
2014-09-24 14:10 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDTAT.DLL
2014-09-24 14:10 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU1.DLL
2014-09-24 14:10 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDBASH.DLL
2014-09-24 14:10 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU.DLL
2014-09-24 14:10 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-24 14:10 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-24 14:10 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-24 14:10 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-24 14:10 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-24 14:10 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\System32\locale.nls
2014-09-24 14:10 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-23 12:06 - 2014-09-09 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-09-23 12:06 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-20 17:12 - 2014-09-20 17:12 - 00000000 ____D () C:\Users\Public\Foxit Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 22:02 - 2009-07-13 21:13 - 00782110 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-10-17 21:29 - 2014-04-10 14:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-10-17 21:29 - 2013-08-02 16:37 - 01298432 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 21:29 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 21:29 - 2009-07-13 20:45 - 00022064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 21:25 - 2013-08-04 11:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-17 21:24 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 21:24 - 2009-07-13 20:51 - 00067152 _____ () C:\Windows\setupact.log
2014-10-17 19:15 - 2013-09-08 08:19 - 00000000 ____D () C:\users\ntp
2014-10-17 19:14 - 2013-08-14 13:01 - 00000000 ____D () C:\Users\Alan\AppData\Local\Cyberlink SoftDMA
2014-10-17 19:14 - 2013-08-04 16:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-17 19:14 - 2013-08-02 16:37 - 00000000 ____D () C:\users\Alan
2014-10-17 19:14 - 2011-04-12 00:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-17 19:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-10-17 19:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-17 19:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-17 19:13 - 2013-08-26 15:36 - 00000000 __RHD () C:\MSOCache
2014-10-17 19:13 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-10-17 17:22 - 2013-08-17 09:58 - 00000000 ____D () C:\Users\Alan\AppData\Local\QuickPar
2014-10-16 15:14 - 2013-09-10 17:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-04 05:36 - 2009-07-13 21:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-26 11:54 - 2009-07-13 20:45 - 00445400 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-09-25 13:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Alan\AppData\Local\Temp\AskSLib.dll
C:\Users\Alan\AppData\Local\Temp\Checkupdate.exe
C:\Users\Alan\AppData\Local\Temp\COMAP.EXE
C:\Users\Alan\AppData\Local\Temp\DivXSetup.exe
C:\Users\Alan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Alan\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Alan\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Alan\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Alan\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Alan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Alan\AppData\Local\Temp\mpegc.dll
C:\Users\Alan\AppData\Local\Temp\nsbB49.tmp.exe
C:\Users\Alan\AppData\Local\Temp\nso4B26.tmp.exe
C:\Users\Alan\AppData\Local\Temp\ose00000.exe
C:\Users\Alan\AppData\Local\Temp\safeguard.exe
C:\Users\Alan\AppData\Local\Temp\tmp2589.exe
C:\Users\Alan\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Alan\AppData\Local\Temp\_isA581.exe
C:\Users\Alan\AppData\Local\Temp\_isC985.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2010-11-20 19:24] - [2014-03-04 01:16] - 0867840 ____A (Microsoft Corporation) 5CAEE8D557275CF5B5DC75ABC625114B

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-10-01 15:54:05
Restore point made on: 2014-10-09 14:35:45
Restore point made on: 2014-10-16 15:13:48

==================== Memory info ===========================

Percentage of memory in use: 5%
Total physical RAM: 32707.95 MB
Available physical RAM: 30869.94 MB
Total Pagefile: 32706.15 MB
Available Pagefile: 30855.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:169.3 GB) NTFS
Drive d: (Data Drive) (Fixed) (Total:3725.9 GB) (Free:504.26 GB) NTFS
Drive g: () (Removable) (Total:7.52 GB) (Free:7.51 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 1C03F516)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 1BA9D433)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

LastRegBack: 2014-10-16 13:28

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by SYSTEM at 2014-10-18 08:41:57
Running from g:\
Boot Mode: Recovery

================== Search Files: "User32.dll" =============

C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010-11-20 19:24][2010-11-20 19:24] 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010-11-20 19:24][2010-11-20 19:24] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\SysWOW64\user32.dll
[2010-11-20 19:24][2014-03-04 01:16] 0867840 ____A (Microsoft Corporation) 5CAEE8D557275CF5B5DC75ABC625114B

C:\Windows\System32\user32.dll
[2010-11-20 19:24][2010-11-20 19:24] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

X:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010-11-20 01:50][2010-11-20 05:27] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

X:\Windows\System32\user32.dll
[2010-11-20 01:50][2010-11-20 05:27] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

====== End Of Search ======

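The comparison behind the User32.dll search, as an added example (not part of the thread and not FRST's own code): it parses the Search.txt entries posted above and checks each live copy against the WinSxS component-store copies of the same architecture. It assumes 64-bit Windows, where `amd64_` store directories pair with System32 and `wow64_`/`x86_` directories pair with SysWOW64; the function names are illustrative.

```python
import re
from collections import namedtuple

# Search.txt entries as posted in the thread above.
SEARCH_TXT = r"""
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010-11-20 19:24][2010-11-20 19:24] 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010-11-20 19:24][2010-11-20 19:24] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\SysWOW64\user32.dll
[2010-11-20 19:24][2014-03-04 01:16] 0867840 ____A (Microsoft Corporation) 5CAEE8D557275CF5B5DC75ABC625114B

C:\Windows\System32\user32.dll
[2010-11-20 19:24][2010-11-20 19:24] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

X:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010-11-20 01:50][2010-11-20 05:27] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

X:\Windows\System32\user32.dll
[2010-11-20 01:50][2010-11-20 05:27] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
"""

Entry = namedtuple("Entry", "path created modified size md5")
Finding = namedtuple("Finding", "path status baselines")

# Metadata line under each path. The optional " - " separators also accept the
# layout used in the "Bamital & volsnap Check" section of FRST.txt.
META = re.compile(
    r"^\[(?P<created>[\d\- :]+)\]\s*(?:-\s*)?\[(?P<modified>[\d\- :]+)\]\s*(?:-\s*)?"
    r"(?P<size>\d+)\s+\S+\s+\([^)]*\)\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Turn path / metadata line pairs into Entry records."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = META.match(line)
        if m and path:
            entries.append(Entry(path, m["created"], m["modified"],
                                 int(m["size"]), m["md5"].upper()))
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries


def is_store(path):
    return "\\winsxs\\" in path.lower()


def arch_of(path):
    """Architecture implied by the location (64-bit Windows layout assumed)."""
    p = path.lower()
    if is_store(p):
        component = p.split("\\winsxs\\", 1)[1]
        if component.startswith("amd64_"):
            return "x64"
        if component.startswith(("wow64_", "x86_")):
            return "x86"
        return None
    if "\\syswow64\\" in p:
        return "x86"
    if "\\system32\\" in p:
        return "x64"
    return None


def audit(entries, volume="C:"):
    """Compare each live file on `volume` with same-architecture store copies."""
    local = [e for e in entries if e.path.upper().startswith(volume.upper())]
    store = {}
    for e in local:
        if is_store(e.path):
            # The store can hold several serviced versions of one component.
            store.setdefault(arch_of(e.path), []).append(e)
    findings = []
    for e in local:
        if is_store(e.path):
            continue
        candidates = store.get(arch_of(e.path), [])
        if not candidates:
            status = "NO_BASELINE"
        elif any(c.md5 == e.md5 for c in candidates):
            status = "MATCH"
        else:
            status = "DIFFERS"
        findings.append(Finding(e.path, status, [c.path for c in candidates]))
    return findings


if __name__ == "__main__":
    for f in audit(parse_search_log(SEARCH_TXT)):
        print(f.status, f.path)
        for b in f.baselines:
            print("    baseline:", b)
```

A live file that matches none of the store versions of its own architecture is the one to examine further; a copy of the other architecture is never a valid baseline for it.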

Hello Alan, 

 

Please do the following, and attempt to boot into Windows normally once done. 

 

FRST Recovery Environment Script

  • Using your clean PC, press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    2014-10-17 12:19 - 2014-10-17 12:19 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\21769
    2014-09-26 19:30 - 2014-09-26 19:30 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\13841
    2014-09-26 19:28 - 2014-09-26 19:28 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\13452
    C:\Users\Alan\AppData\Local\Temp\AskSLib.dll
    C:\Users\Alan\AppData\Local\Temp\Checkupdate.exe
    C:\Users\Alan\AppData\Local\Temp\COMAP.EXE
    C:\Users\Alan\AppData\Local\Temp\DivXSetup.exe
    C:\Users\Alan\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Alan\AppData\Local\Temp\Foxit Reader Updater.exe
    C:\Users\Alan\AppData\Local\Temp\Foxit Updater.exe
    C:\Users\Alan\AppData\Local\Temp\gcapi_dll.dll
    C:\Users\Alan\AppData\Local\Temp\gtapi_signed.dll
    C:\Users\Alan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Alan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Alan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Alan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Alan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Alan\AppData\Local\Temp\mpegc.dll
    C:\Users\Alan\AppData\Local\Temp\nsbB49.tmp.exe
    C:\Users\Alan\AppData\Local\Temp\nso4B26.tmp.exe
    C:\Users\Alan\AppData\Local\Temp\ose00000.exe
    C:\Users\Alan\AppData\Local\Temp\safeguard.exe
    C:\Users\Alan\AppData\Local\Temp\tmp2589.exe
    C:\Users\Alan\AppData\Local\Temp\vlc-2.1.2-win64.exe
    C:\Users\Alan\AppData\Local\Temp\_isA581.exe
    C:\Users\Alan\AppData\Local\Temp\_isC985.exe
    Folder: C:\Users\Public\Documents\Report
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll C:\Windows\SysWOW64\User32.dll
    end
  • Click File, then Save As, and type fixlist.txt as the File Name.
  • Save the file to your USB drive.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Enter the Recovery Environment just as you did before.
  • Run FRST just as you did before.
  • Click the Fix button once.
  • A log (Fixlog.txt) will be created on your USB drive.
  • Attempt to boot normally into Windows. Does the PC boot normally?
  • Copy the contents of Fixlog.txt and paste in your next reply (either using the infected PC or clean PC).

Hi Adam, Thank you very much for the fixlist. I followed your instructions and the fixlog is pasted below.

 

When I attempted to boot normally I got two error messages saying that the applications Drivermax.exe and AnyDVD.exe could not load. I also noticed that Malwarebytes Pro and Kaspersky antivirus did not start. I tried to open internet explorer and a window would open for a moment and then just close. So I cannot open Internet Explorer. So the PC boots up but is not working normally.

 

Alan

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-10-2014 01
Ran by SYSTEM at 2014-10-18 17:21:11 Run:1
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
2014-10-17 12:19 - 2014-10-17 12:19 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\21769
2014-09-26 19:30 - 2014-09-26 19:30 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\13841
2014-09-26 19:28 - 2014-09-26 19:28 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\13452
C:\Users\Alan\AppData\Local\Temp\AskSLib.dll
C:\Users\Alan\AppData\Local\Temp\Checkupdate.exe
C:\Users\Alan\AppData\Local\Temp\COMAP.EXE
C:\Users\Alan\AppData\Local\Temp\DivXSetup.exe
C:\Users\Alan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Alan\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Alan\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Alan\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Alan\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Alan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Alan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Alan\AppData\Local\Temp\mpegc.dll
C:\Users\Alan\AppData\Local\Temp\nsbB49.tmp.exe
C:\Users\Alan\AppData\Local\Temp\nso4B26.tmp.exe
C:\Users\Alan\AppData\Local\Temp\ose00000.exe
C:\Users\Alan\AppData\Local\Temp\safeguard.exe
C:\Users\Alan\AppData\Local\Temp\tmp2589.exe
C:\Users\Alan\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Alan\AppData\Local\Temp\_isA581.exe
C:\Users\Alan\AppData\Local\Temp\_isC985.exe
Folder: C:\Users\Public\Documents\Report
Replace: C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll C:\Windows\SysWOW64\User32.dll
end
*****************

C:\Users\Alan\AppData\Roaming\21769 => Moved successfully.
C:\Users\Alan\AppData\Roaming\13841 => Moved successfully.
C:\Users\Alan\AppData\Roaming\13452 => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\Checkupdate.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\DivXSetup.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\Foxit Reader Updater.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\Foxit Updater.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\gcapi_dll.dll => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\gtapi_signed.dll => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\mpegc.dll => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\nsbB49.tmp.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\nso4B26.tmp.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\safeguard.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\tmp2589.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\vlc-2.1.2-win64.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\_isA581.exe => Moved successfully.
C:\Users\Alan\AppData\Local\Temp\_isC985.exe => Moved successfully.

========================= Folder: C:\Users\Public\Documents\Report ========================

2014-10-17 18:10 - 2014-10-17 22:02 - 0003265 _____ () C:\Users\Public\Documents\Report\index.html
2014-10-17 18:10 - 2014-10-17 18:10 - 0456782 _____ () C:\Users\Public\Documents\Report\pic.jpg

====== End of Folder: ======

C:\Windows\SysWOW64\User32.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll copied successfully to C:\Windows\SysWOW64\User32.dll

==== End of Fixlog ====


Hello, 

 

Your FRST RE log indicates those programmes are damaged.

I need to see a complete set of logs, so please do the following.  

 

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

When I right clicked and chose "run as administrator" the program window was blank at first and the title bar said "not responding". When it did eventually come up I clicked scan and during the scan I got a popup that said "mod_frst.ext - Application Error" and "unable to start correctly". The scan did finish however and the two resulting logs are posted below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by Alan (administrator) on ALANS_COMPUTER on 18-10-2014 17:46:37
Running from F:\Users\Alan\Desktop
Loaded Profile: Alan (Available profiles: Alan & ntp)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(CyberLink) F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() F:\Program Files\Photodex\CompuPicPro\scsiaccess.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7144960 2013-08-02] (Broadcom Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [151552 2013-06-29] (IvoSoft)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [AVP] => F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [PowerDVD13Agent] => F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe [517144 2014-03-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => F:\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Dimension4] => F:\Program Files\Dimension 4\D4.exe
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => F:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] => F:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3833325554-700451505-2708980065-1000\...\Run: [DriverMax_RESTART] => F:\Program Files\Innovative Solutions\DriverMax\drivermax.exe [7328632 2013-10-28] (Innovative Solutions)
HKU\S-1-5-21-3833325554-700451505-2708980065-1000\...\Run: [AnyDVD] => F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-10-01] (SlySoft, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/advanced_search
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Program Files\Java\jre7\bin\ssv.dll No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default
FF Homepage: hxxp://www.google.com/advanced_search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> F:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> F:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: EPUBReader - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-23]
FF Extension: Anti-Porn Pro - The Best Anti-Porn Addon! - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\azhang@cloudacl.com.xpi [2014-07-02]
FF Extension: Classic Theme Restorer - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-02]
FF Extension: Classic Toolbar Buttons - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2014-05-02]
FF Extension: Ghostery - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\firefox@ghostery.com.xpi [2013-08-17]
FF Extension: Qute 5++ - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\Qute5pp@magicp.jp.xpi [2014-06-29]
FF Extension: Simple White - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\Simple@White.Theme.xpi [2014-06-29]
FF Extension: Status-4-Evar - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\status4evar@caligonstudios.com.xpi [2013-08-14]
FF Extension: Tangofox about:home - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\tangofox-abouthome@haven667.xpi [2014-08-02]
FF Extension: Tangofox PDF.js - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\tangofox-pdf.js@haven667.xpi [2014-08-02]
FF Extension: Tangofox - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\Tangofox@haven667.xpi [2014-06-29]
FF Extension: Troubleshooter - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\troubleshooter@mozilla.org.xpi [2014-05-02]
FF Extension: LittleFox - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi [2014-06-29]
FF Extension: Stylish - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-05-03]
FF Extension: oldbar - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi [2014-05-03]
FF Extension: New Tab Homepage - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-05-03]
FF Extension: Switch to Tab no more - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{7edcdfc0-3056-11e0-91fa-0800200c9a66}.xpi [2014-03-03]
FF Extension: Adblock Plus - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-14]
FF Extension: Tab Mix Plus - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-14]
FF Extension: Firefox 2, the theme, reloaded - F:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\sd33hcoo.default\Extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi [2013-08-14]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\url_advisor@kaspersky.com [2013-08-04]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\virtual_keyboard@kaspersky.com [2013-08-04]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\content_blocker@kaspersky.com [2013-08-04]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\anti_banner@kaspersky.com [2013-08-04]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\FFExt\online_banking@kaspersky.com [2013-08-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\ChromeExt\urladvisor.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\ChromeExt\online_banking_chrome.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\ChromeExt\content_blocker_chrome.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\ChromeExt\virtkbd.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\ChromeExt\ab.crx [2013-05-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
S2 AVP; F:\Documents and Settings\All Users\Application Data\Kaspersky Lab\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2014-03-26] (CyberLink)
S2 CyberLink PowerDVD 13 Media Server Service; F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2014-03-26] (CyberLink)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S2 FoxitCloudUpdateService; F:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 NTP; F:\Program Files\NTP\bin\ntpd.exe [573840 2012-08-15] ()
S2 ppped; F:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [1013696 2012-03-27] (Cyber Power Systems, Inc.)
R2 ScsiAccess; F:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe [181312 2013-08-04] () [File not signed]
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5834752 2013-08-02] (Broadcom Corporation) [File not signed]
S2 Dimension4; F:\Program Files\Dimension 4\D4.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-20] (Broadcom Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-08-04] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-02] (Kaspersky Lab ZAO)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-18] ()
U5 UnlockerDriver5; F:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; F:\Program Files\CyberLink\PowerDVD13\PowerDVD13\Common\NavFilter\000.fcl [32456 2014-03-26] (CyberLink Corp.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 17:22 - 2014-10-18 17:22 - 00000000 _____ () C:\Windows\SysWOW64\Trace.log
2014-10-18 05:48 - 2014-10-18 17:46 - 00000000 ____D () C:\FRST
2014-10-18 01:32 - 2014-10-18 01:32 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-18 01:32 - 2014-10-18 01:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-18 01:23 - 2014-10-18 01:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-17 23:24 - 2014-10-17 23:24 - 00000000 ____D () C:\ProgramData\F-Secure
2014-10-17 19:47 - 2014-10-17 19:47 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-10-16 19:14 - 2014-10-16 19:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-30 18:03 - 2014-09-30 18:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\17B81A7D.sys
2014-09-30 17:35 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 17:35 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-24 19:38 - 2014-10-17 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 18:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-24 18:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-24 18:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-24 18:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-24 18:10 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-24 18:10 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-24 18:10 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-24 18:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-24 18:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-24 18:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-24 18:10 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-24 18:10 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-23 16:06 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 16:06 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-20 21:12 - 2014-09-20 21:12 - 00000000 ____D () C:\Users\Public\Foxit Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 17:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 17:44 - 2009-07-14 00:51 - 00067264 _____ () C:\Windows\setupact.log
2014-10-18 17:31 - 2013-08-02 20:37 - 01307076 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 17:30 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 17:30 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 17:26 - 2009-07-14 01:13 - 00782110 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-18 01:29 - 2014-04-10 18:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 01:25 - 2013-08-04 15:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-17 23:15 - 2013-09-08 12:19 - 00000000 ____D () C:\Users\ntp
2014-10-17 23:14 - 2014-08-09 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 23:14 - 2013-08-14 17:01 - 00000000 ____D () C:\Users\Alan\AppData\Local\Cyberlink SoftDMA
2014-10-17 23:14 - 2013-08-04 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-17 23:14 - 2013-08-02 20:37 - 00000000 ____D () C:\Users\Alan
2014-10-17 23:14 - 2011-04-12 04:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-17 23:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-17 23:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-17 23:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-17 23:13 - 2013-08-26 19:36 - 00000000 __RHD () C:\MSOCache
2014-10-17 23:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-10-17 21:22 - 2013-08-17 13:58 - 00000000 ____D () C:\Users\Alan\AppData\Local\QuickPar
2014-10-16 19:14 - 2013-09-10 21:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-04 09:36 - 2009-07-14 01:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-26 15:54 - 2009-07-14 00:45 - 00445400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-25 17:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 17:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by Alan at 2014-10-18 17:46:56
Running from F:\Users\Alan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Agent Ransack x64 (HKLM\...\{58C0AC50-8FA1-4A95-AEC6-5B2727E5CC6A}) (Version: 7.0.820.1 - Mythicsoft Ltd)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.2.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Beyond Compare Version 2.5 (HKLM-x32\...\BC2_is1) (Version:  - Scooter Software)
BluFab 9.1.3.5 (17/03/2014) (HKLM-x32\...\BluFab 9_is1) (Version:  - BluFab Software Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.3200 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.196.16 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
CoffeeCup HTML Editor (HKLM-x32\...\CoffeeCup HTML Editor) (Version:  - )
CompuPic Pro (HKLM-x32\...\CompuPic Pro) (Version:  - )
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.4131_47226 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (x32 Version: 6.7.4131_47226 - CyberLink Corp.) Hidden
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.3919.58 - CyberLink Corp.)
CyberLink PowerDVD 13 (x32 Version: 13.0.3919.58 - CyberLink Corp.) Hidden
CyberPower PowerPanel Personal Edition 1.3.3 (HKLM-x32\...\{972F23F4-F293-4074-853D-125A59EB356D}) (Version: 1.3.3 - Cyber Power Systems, Inc.)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 3 - Illustrate)
dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version: Release 14 (FLAC 1.2.1) - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13 - Illustrate)
dBpoweramp Ogg Vorbis aoTuV Encoder (HKLM-x32\...\dBpoweramp Ogg Vorbis aoTuV Encoder) (Version: R6 aoTuV b6.03 - Illustrate)
dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version: Release 22 (Vorbis v1.3.3) - Illustrate)
dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 7 - Illustrate)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9719DFA1-7CB0-422E-98AE-C77FD3426BE8}) (Version:  - Microsoft)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.21.0.141 - Innovative Solutions)
DVDFab 9.1.6.8 (13/09/2014) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Forté Agent (HKLM-x32\...\Forte Agent) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.3.815 - Foxit Corporation)
GrabIt 1.7.2 Beta 6 (build 1008) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Intel® Network Connections 17.3.63.0 (Version: 17.3.63.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Ipswitch WS_FTP Pro (HKLM-x32\...\WS_FTP Pro) (Version:  - )
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 10.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Network Time Protocol (HKLM-x32\...\NTP) (Version: 4.2.6p5@london-o-lpv - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3BE27413-9FFE-4AB1-9013-344E111E718F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3200 - Broadcom Corporation)
WinHTTrack Website Copier 3.47-27 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

01-10-2014 23:53:59 Windows Update
09-10-2014 22:35:39 Scheduled Checkpoint
16-10-2014 23:13:43 Installed Java 7 Update 71

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-24 16:26 - 2014-09-21 14:53 - 01766795 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0760E4EF-AE49-434D-8F00-670EC8DFF085} - System32\Tasks\{D0DDE195-AFFB-4398-A698-F3F9060C5CB9} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {10A07D98-F02D-4FE0-AD1C-38CBBCDAEAE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {1A27480A-1F8A-4D8C-8AFE-4919170E22AC} - System32\Tasks\{2F2BBA6A-1E04-44D3-A373-418854F769E0} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {2DF4A695-E829-4335-9E4F-5E67BF98234E} - System32\Tasks\DeviceDetector => F:\Program Files\CyberLink\MediaEspresso\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-05-31] (CyberLink)
Task: {3F8A452E-99BF-49DF-85B8-BCE1BADBD583} - System32\Tasks\{837E4EDA-0168-4EBE-86E5-92B2403B2877} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {401D238C-503F-4443-AF79-60D8C731516D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {42CC65D5-5027-40D5-9A02-461608D40369} - System32\Tasks\{1FF45E89-BCF0-41C1-BB00-95E7A6B64334} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {4ABDC547-9D06-444F-B036-32C86999FE46} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6F499B2C-21B4-44BF-B557-CA662F307A4C} - System32\Tasks\{7302546D-CD6D-46AD-9AA4-725FC1D375BC} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {85AA7A6A-666F-4263-85E6-B336828285A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {88592EB0-27EC-47CF-8663-8E82FB6A8CF4} - System32\Tasks\{CB29CC7E-58CB-41BC-8FD8-1AC557F43C39} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {D41236AD-6D4D-48D4-8BBC-71171C4C8857} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D8483B64-38FD-4CE2-A013-40B085C4A434} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {DAC24191-65EE-4996-90BB-CB6EE70403A9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E0DB64AB-21B7-41A8-9950-371D9024A1CF} - System32\Tasks\{839C466A-7428-46BC-8BE9-B36F7EB4E934} => F:\ARCADE\TRIPEAKS.EXE [1991-09-11] ()
Task: {E6760A14-E266-4166-AB53-74900ADF173E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

==================== Loaded Modules (whitelisted) =============

2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () F:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () F:\Program Files\Unlocker\UnlockerCOM.dll
2013-08-14 10:53 - 2005-12-01 18:29 - 00081408 _____ () F:\Program Files\Beyond Compare 2\BCShellEx64.dll
2013-08-04 16:27 - 2013-08-04 16:27 - 00181312 _____ () F:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3833325554-700451505-2708980065-500 - Administrator - Disabled)
Alan (S-1-5-21-3833325554-700451505-2708980065-1000 - Administrator - Enabled) => C:\Users\Alan
Guest (S-1-5-21-3833325554-700451505-2708980065-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3833325554-700451505-2708980065-1002 - Limited - Enabled)
ntp (S-1-5-21-3833325554-700451505-2708980065-1003 - Limited - Enabled) => C:\Users\ntp

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2014 05:45:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 05:24:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 02:00:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 01:42:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 01:32:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 01:26:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 01:25:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ntpd.exe, version: 0.0.0.0, time stamp: 0x50165a39
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00001388
Faulting process id: 0x1380
Faulting application start time: 0xntpd.exe0
Faulting application path: ntpd.exe1
Faulting module path: ntpd.exe2
Report Id: ntpd.exe3

Error: (10/18/2014 01:25:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000095
Fault offset: 0x7efa26f4
Faulting process id: 0x978
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/18/2014 01:25:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iusb3mon.exe, version: 1.0.0.120, time stamp: 0x4fb9eda9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xc88
Faulting application start time: 0xiusb3mon.exe0
Faulting application path: iusb3mon.exe1
Faulting module path: iusb3mon.exe2
Report Id: iusb3mon.exe3

Error: (10/18/2014 00:10:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (10/18/2014 05:46:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® Management and Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:
%%1053

Error: (10/18/2014 05:46:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (10/18/2014 05:46:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

Error: (10/18/2014 05:46:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (10/18/2014 05:46:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

Error: (10/18/2014 05:46:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Rapid Storage Technology service failed to start due to the following error:
%%1053

Error: (10/18/2014 05:46:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

Error: (10/18/2014 05:46:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (10/18/2014 05:44:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (10/18/2014 05:44:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Microsoft Office Sessions:
=========================
Error: (10/18/2014 05:45:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 05:24:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 02:00:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 01:42:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 01:32:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 01:26:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 01:25:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ntpd.exe0.0.0.050165a39unknown0.0.0.000000000c000000500001388138001cfea93e7753f3aF:\Program Files\NTP\bin\ntpd.exeunknown2e3095cf-5687-11e4-8711-60a44c4e4152

Error: (10/18/2014 01:25:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000957efa26f497801cfea93dae97ae1C:\Windows\SysWoW64\svchost.exeunknown254436bc-5687-11e4-8711-60a44c4e4152

Error: (10/18/2014 01:25:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iusb3mon.exe1.0.0.1204fb9eda9unknown0.0.0.000000000c000000500000000c8801cfea93dcf2c83dC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeunknown23a02b2e-5687-11e4-8711-60a44c4e4152

Error: (10/18/2014 00:10:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2014-10-18 17:44:11.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-18 17:31:22.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-18 17:22:43.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-18 01:25:01.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-17 23:16:42.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-17 23:14:53.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-17 22:55:47.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-17 22:23:29.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-17 20:09:23.988
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-17 19:54:42.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 6%
Total physical RAM: 32707.95 MB
Available physical RAM: 30426.48 MB
Total Pagefile: 65414.09 MB
Available Pagefile: 63016.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:169.3 GB) NTFS
Drive e: () (Removable) (Total:7.52 GB) (Free:7.51 GB) FAT32
Drive f: (Data Drive) (Fixed) (Total:3725.9 GB) (Free:504.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 1C03F516)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 1BA9D433)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

==================== End Of Log ============================


I rebooted and got the same two error popups for Drivermax and AnyDVD.exe.

Malwarebytes Pro and Kaspersky do not load at startup as they should do.

I cannot open any program. Every program I try to open gives an error popup saying "The application failed to start correctly."

 

- Alan


OK. Nothing we've done thus far would be the cause of this issue. We've removed folders related to the ransomware/temp files and replaced the System File patched by the malware. 
 
It's possible the malware has caused issues not visible in your latest logs (which are clean), or there are issues unrelated to malware at hand. 
 
Let's start with the following, and see if these checks run. 
 
STEP 1
CHKDSK

  • Note: If you have a Solid State Drive (SSD), do not run CHKDSK. Skip STEP 1, and proceed with STEP 2.
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\chkdskquery.txt"
    notepad %userprofile%\Desktop\chkdskquery.txt
    del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click File > Save As and name the file chkdsk.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate chkdsk.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • CHKDSK may take up to an hour to complete. Allow the programme to run uninterrupted, and do not use your computer during the process.  
  • Upon completion, a log (chkdskquery.txt) will open on your Desktop. Please copy the contents of the log and paste in your next reply.
     

STEP 2
System File Checker (SFC)

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    sfc /scannow
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcresults.txt"
    notepad %userprofile%\Desktop\sfcresults.txt
    del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click File > Save As and name the file querysfc.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate querysfc.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • Upon completion, a log (sfcresults.txt) will open on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • chkdskquery.txt
  • sfcresults.txt
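
Added example, not part of the helper's post or of any tool named in this thread: a Python triage of a pasted sfcresults.txt that counts verify batches and collects the files SFC reports as corrupted, so a reader does not have to scan hundreds of "Verify complete" lines by eye. The function name triage_sfc is hypothetical; the first three sample lines are copied from this thread, and the rest (example.dll, example2.dll, Example-Component) are constructed for illustration.

```python
import re
from collections import Counter

# One [SR] entry from CBS.log. The tag is matched case-insensitively because
# the log pasted in this thread shows it as "[sR]".
SR_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+CSI\s+"
    r"[0-9a-f]{8} \[SR\] (?P<msg>.*)$",
    re.IGNORECASE,
)

# Message prefixes SFC writes when a protected file fails verification.
PROBLEM_PREFIXES = (
    "Cannot repair member file",
    "Repairing corrupted file",
    "Could not reproject corrupted file",
)

# File and directory names appear as ]"name" after a length descriptor.
QUOTED_NAME = re.compile(r'\]"([^"]+)"')

# Lines 1-3 are from the thread; everything after them is constructed.
SAMPLE = r"""2014-10-18 18:40:39, Info                  CSI    00000009 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:39, Info                  CSI    0000000a [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:39, Info                  CSI    0000000c [sR] Verify complete
2014-10-18 18:40:40, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:40, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-10-18 18:40:40, Info                  CSI    0000000f [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 0.0.0.0, hash mismatch
2014-10-18 18:40:40, Info                  CSI    00000010 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 0.0.0.0, hash mismatch
2014-10-18 18:40:40, Info                  CSI    00000011 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2014-10-18 18:40:41, Info                  CSI    00000012 [SR] Verify complete

- Alan
2014-10-18 18:40:41, Info                  CSI    00000013 [SR] Verifying 100 (0x0000000000000064) components
"""


def triage_sfc(text):
    """Summarise the [SR] lines of a pasted sfcresults.txt."""
    started = completed = 0
    flagged = {}      # file name -> Counter of problem prefixes
    unparsed = []     # forum residue or lines cut in half by a bad paste
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        msg = m.group("msg")
        if msg.startswith("Verifying "):
            started += 1
        elif msg.startswith("Verify complete"):
            completed += 1
        else:
            prefix = next((p for p in PROBLEM_PREFIXES if msg.startswith(p)), None)
            if prefix:
                # The last quoted token is the file; an earlier one is its directory.
                names = QUOTED_NAME.findall(msg)
                name = names[-1] if names else "<unnamed>"
                flagged.setdefault(name, Counter())[prefix] += 1

    if flagged:
        verdict = "corruption reported"
    elif started == 0 or started != completed:
        # A batch with no matching "Verify complete" usually means a cut-off paste.
        verdict = "incomplete"
    else:
        verdict = "clean"
    return {
        "batches_started": started,
        "batches_completed": completed,
        "flagged_files": {name: dict(c) for name, c in flagged.items()},
        "unparsed_lines": unparsed,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage_sfc(SAMPLE).items():
        print(f"{key}: {value}")
```

A "clean" verdict only says that SFC logged no repair or failure messages in the pasted text; an "incomplete" verdict means the paste should be requested again in full.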

Below is the sfcresults.txt. I did not do the chkdsk as my operating system is on two SSDs in a RAID1 array. All of my programs are on my F: drive on 4 SATA drives which are in a RAID10 array.

 

- Alan

 

2014-10-18 18:40:39, Info                  CSI    00000009 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:39, Info                  CSI    0000000a [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:39, Info                  CSI    0000000c [sR] Verify complete
2014-10-18 18:40:40, Info                  CSI    0000000d [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:40, Info                  CSI    0000000e [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:40, Info                  CSI    00000010 [sR] Verify complete
2014-10-18 18:40:40, Info                  CSI    00000011 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:40, Info                  CSI    00000012 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:40, Info                  CSI    00000014 [sR] Verify complete
2014-10-18 18:40:40, Info                  CSI    00000015 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:40, Info                  CSI    00000016 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:40, Info                  CSI    00000018 [sR] Verify complete
2014-10-18 18:40:40, Info                  CSI    00000019 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:40, Info                  CSI    0000001a [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:41, Info                  CSI    0000001c [sR] Verify complete
2014-10-18 18:40:41, Info                  CSI    0000001d [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:41, Info                  CSI    0000001e [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:41, Info                  CSI    00000020 [sR] Verify complete
2014-10-18 18:40:41, Info                  CSI    00000021 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:41, Info                  CSI    00000022 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:41, Info                  CSI    00000024 [sR] Verify complete
2014-10-18 18:40:41, Info                  CSI    00000025 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:41, Info                  CSI    00000026 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:41, Info                  CSI    00000028 [sR] Verify complete
2014-10-18 18:40:41, Info                  CSI    00000029 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:41, Info                  CSI    0000002a [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:42, Info                  CSI    0000002c [sR] Verify complete
2014-10-18 18:40:42, Info                  CSI    0000002d [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:42, Info                  CSI    0000002e [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:42, Info                  CSI    00000030 [sR] Verify complete
2014-10-18 18:40:42, Info                  CSI    00000031 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:42, Info                  CSI    00000032 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:42, Info                  CSI    00000034 [sR] Verify complete
2014-10-18 18:40:43, Info                  CSI    00000035 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:43, Info                  CSI    00000036 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:43, Info                  CSI    00000038 [sR] Verify complete
2014-10-18 18:40:43, Info                  CSI    00000039 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:43, Info                  CSI    0000003a [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:43, Info                  CSI    0000003c [sR] Verify complete
2014-10-18 18:40:43, Info                  CSI    0000003d [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:43, Info                  CSI    0000003e [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:44, Info                  CSI    00000040 [sR] Verify complete
2014-10-18 18:40:44, Info                  CSI    00000041 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:44, Info                  CSI    00000042 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:44, Info                  CSI    00000044 [sR] Verify complete
2014-10-18 18:40:44, Info                  CSI    00000045 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:44, Info                  CSI    00000046 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:44, Info                  CSI    00000048 [sR] Verify complete
2014-10-18 18:40:44, Info                  CSI    00000049 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:44, Info                  CSI    0000004a [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:45, Info                  CSI    0000004c [sR] Verify complete
2014-10-18 18:40:45, Info                  CSI    0000004d [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:45, Info                  CSI    0000004e [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:45, Info                  CSI    00000050 [sR] Verify complete
2014-10-18 18:40:45, Info                  CSI    00000051 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:45, Info                  CSI    00000052 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:46, Info                  CSI    00000054 [sR] Verify complete
2014-10-18 18:40:46, Info                  CSI    00000055 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:46, Info                  CSI    00000056 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:46, Info                  CSI    00000058 [sR] Verify complete
2014-10-18 18:40:47, Info                  CSI    00000059 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:47, Info                  CSI    0000005a [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:48, Info                  CSI    0000005d [sR] Verify complete
2014-10-18 18:40:48, Info                  CSI    0000005e [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:48, Info                  CSI    0000005f [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:49, Info                  CSI    00000063 [sR] Verify complete
2014-10-18 18:40:49, Info                  CSI    00000064 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:49, Info                  CSI    00000065 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:50, Info                  CSI    00000069 [sR] Verify complete
2014-10-18 18:40:50, Info                  CSI    0000006a [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:50, Info                  CSI    0000006b [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:50, Info                  CSI    0000006d [sR] Verify complete
2014-10-18 18:40:51, Info                  CSI    0000006e [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:51, Info                  CSI    0000006f [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:52, Info                  CSI    00000084 [sR] Verify complete
2014-10-18 18:40:52, Info                  CSI    00000085 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:52, Info                  CSI    00000086 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:54, Info                  CSI    00000098 [sR] Verify complete
2014-10-18 18:40:54, Info                  CSI    00000099 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:54, Info                  CSI    0000009a [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:55, Info                  CSI    0000009c [sR] Verify complete
2014-10-18 18:40:55, Info                  CSI    0000009d [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:55, Info                  CSI    0000009e [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:56, Info                  CSI    000000a0 [sR] Verify complete
2014-10-18 18:40:56, Info                  CSI    000000a1 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:56, Info                  CSI    000000a2 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:57, Info                  CSI    000000a4 [sR] Verify complete
2014-10-18 18:40:57, Info                  CSI    000000a5 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:57, Info                  CSI    000000a6 [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:58, Info                  CSI    000000a8 [sR] Verify complete
2014-10-18 18:40:58, Info                  CSI    000000a9 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:58, Info                  CSI    000000aa [sR] Beginning Verify and Repair transaction
2014-10-18 18:40:59, Info                  CSI    000000ac [sR] Verify complete
2014-10-18 18:40:59, Info                  CSI    000000ad [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:40:59, Info                  CSI    000000ae [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:01, Info                  CSI    000000b2 [sR] Verify complete
2014-10-18 18:41:01, Info                  CSI    000000b3 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:01, Info                  CSI    000000b4 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:03, Info                  CSI    000000d5 [sR] Verify complete
2014-10-18 18:41:03, Info                  CSI    000000d6 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:03, Info                  CSI    000000d7 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:05, Info                  CSI    000000d9 [sR] Verify complete
2014-10-18 18:41:05, Info                  CSI    000000da [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:05, Info                  CSI    000000db [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:07, Info                  CSI    000000dd [sR] Verify complete
2014-10-18 18:41:07, Info                  CSI    000000de [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:07, Info                  CSI    000000df [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:08, Info                  CSI    000000e3 [sR] Verify complete
2014-10-18 18:41:08, Info                  CSI    000000e4 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:08, Info                  CSI    000000e5 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:09, Info                  CSI    000000e7 [sR] Verify complete
2014-10-18 18:41:09, Info                  CSI    000000e8 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:09, Info                  CSI    000000e9 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:09, Info                  CSI    000000eb [sR] Verify complete
2014-10-18 18:41:09, Info                  CSI    000000ec [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:09, Info                  CSI    000000ed [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:10, Info                  CSI    000000ef [sR] Verify complete
2014-10-18 18:41:10, Info                  CSI    000000f0 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:10, Info                  CSI    000000f1 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:13, Info                  CSI    00000104 [sR] Verify complete
2014-10-18 18:41:13, Info                  CSI    00000105 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:13, Info                  CSI    00000106 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:13, Info                  CSI    00000108 [sR] Verify complete
2014-10-18 18:41:13, Info                  CSI    00000109 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:13, Info                  CSI    0000010a [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:14, Info                  CSI    0000010c [sR] Verify complete
2014-10-18 18:41:14, Info                  CSI    0000010d [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:14, Info                  CSI    0000010e [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:14, Info                  CSI    00000110 [sR] Verify complete
2014-10-18 18:41:15, Info                  CSI    00000111 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:15, Info                  CSI    00000112 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:16, Info                  CSI    00000115 [sR] Verify complete
2014-10-18 18:41:16, Info                  CSI    00000116 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:16, Info                  CSI    00000117 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:19, Info                  CSI    0000011a [sR] Verify complete
2014-10-18 18:41:19, Info                  CSI    0000011b [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:19, Info                  CSI    0000011c [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:19, Info                  CSI    0000011e [sR] Verify complete
2014-10-18 18:41:19, Info                  CSI    0000011f [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:19, Info                  CSI    00000120 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:19, Info                  CSI    00000122 [sR] Verify complete
2014-10-18 18:41:20, Info                  CSI    00000123 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:20, Info                  CSI    00000124 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:21, Info                  CSI    00000126 [sR] Verify complete
2014-10-18 18:41:21, Info                  CSI    00000127 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:21, Info                  CSI    00000128 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:22, Info                  CSI    0000012a [sR] Verify complete
2014-10-18 18:41:22, Info                  CSI    0000012b [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:22, Info                  CSI    0000012c [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:23, Info                  CSI    0000012e [sR] Verify complete
2014-10-18 18:41:23, Info                  CSI    0000012f [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:23, Info                  CSI    00000130 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:26, Info                  CSI    00000148 [sR] Verify complete
2014-10-18 18:41:26, Info                  CSI    00000149 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:26, Info                  CSI    0000014a [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:27, Info                  CSI    0000014c [sR] Verify complete
2014-10-18 18:41:27, Info                  CSI    0000014d [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:27, Info                  CSI    0000014e [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:32, Info                  CSI    00000150 [sR] Verify complete
2014-10-18 18:41:32, Info                  CSI    00000151 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:32, Info                  CSI    00000152 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:33, Info                  CSI    00000154 [sR] Verify complete
2014-10-18 18:41:33, Info                  CSI    00000155 [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:41:33, Info                  CSI    00000156 [sR] Beginning Verify and Repair transaction
2014-10-18 18:41:35, Info                  CSI    00000159 [sR] Verify complete
2014-10-18 18:41:35, Info                  CSI    0000015a [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:42:35, Info                  CSI    0000023e [sR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2014-10-18 18:43:13, Info                  CSI    00000333 [sR] Verifying 13 (0x000000000000000d) components
2014-10-18 18:43:13, Info                  CSI    00000334 [sR] Beginning Verify and Repair transaction
2014-10-18 18:43:13, Info                  CSI    00000336 [sR] Verify complete
2014-10-18 18:43:13, Info                  CSI    00000337 [sR] Repairing 1 components
2014-10-18 18:43:13, Info                  CSI    00000338 [sR] Beginning Verify and Repair transaction
2014-10-18 18:43:13, Info                  CSI    0000033a [sR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2014-10-18 18:43:13, Info                  CSI    0000033c [sR] Repair complete
2014-10-18 18:43:13, Info                  CSI    0000033d [sR] Committing transaction
2014-10-18 18:43:13, Info                  CSI    00000341 [sR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2014-10-18 18:43:13, Info                  CSI    00000342 [sR] Repairing 1 components
2014-10-18 18:43:13, Info                  CSI    00000343 [sR] Beginning Verify and Repair transaction
2014-10-18 18:43:13, Info                  CSI    00000345 [sR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2014-10-18 18:43:13, Info                  CSI    00000347 [sR] Repair complete
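
The repair entries are easy to miss among the hundreds of routine verify lines in an sfc log. The following added example (not part of the original posts, and not code from Microsoft or any tool named in the thread) filters a CBS.log excerpt down to what sfc repaired and whether a reboot is still pending; the function name `summarize_sfc` and the returned field names are hypothetical.

```python
import re

# Lines copied from the sfc log in the post above, plus one constructed
# non-[SR] line to show that unrelated CBS entries are skipped. The forum
# rendered the "[SR]" tag as "[sR]", so matching is case-insensitive.
SAMPLE_LOG = r'''
2014-10-18 18:42:34, Info                  CSI    0000023a [sR] Verifying 100 (0x0000000000000064) components
2014-10-18 18:42:34, Info                  CSI    0000023b [sR] Beginning Verify and Repair transaction
2014-10-18 18:42:35, Info                  CBS    constructed non-SR line, ignored by the parser
2014-10-18 18:42:35, Info                  CSI    0000023e [sR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2014-10-18 18:42:36, Info                  CSI    00000248 [sR] Verify complete
2014-10-18 18:43:13, Info                  CSI    00000333 [sR] Verifying 13 (0x000000000000000d) components
2014-10-18 18:43:13, Info                  CSI    00000334 [sR] Beginning Verify and Repair transaction
2014-10-18 18:43:13, Info                  CSI    00000336 [sR] Verify complete
2014-10-18 18:43:13, Info                  CSI    00000337 [sR] Repairing 1 components
2014-10-18 18:43:13, Info                  CSI    0000033a [sR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2014-10-18 18:43:13, Info                  CSI    0000033c [sR] Repair complete
2014-10-18 18:43:13, Info                  CSI    00000341 [sR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2014-10-18 18:43:13, Info                  CSI    00000345 [sR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2014-10-18 18:43:13, Info                  CSI    00000347 [sR] Repair complete
'''

# timestamp, level, "CSI", 8-hex-digit sequence number, [SR] tag, message
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+'
    r'(?P<seq>[0-9a-f]{8}) \[sr\] (?P<msg>.*)$', re.IGNORECASE)

# [..]"<directory>"\[..]"<file name>" from store
REPAIR = re.compile(
    r'Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\'
    r'\[[^\]]*\]"(?P<name>[^"]+)" from store')

VERIFY = re.compile(r'Verifying (\d+) \(0x[0-9a-f]+\) components', re.IGNORECASE)


def summarize_sfc(log_text):
    """Reduce [SR] entries to: components verified, files repaired, reboot flag."""
    verified = 0
    repaired = {}          # full path -> {'first_seen': ts, 'attempts': n}
    reboot_required = False

    for raw in log_text.splitlines():
        line = SR_LINE.match(raw.strip())
        if not line:
            continue       # not an sfc ([SR]) entry
        msg = line.group('msg')

        batch = VERIFY.match(msg)
        if batch:
            verified += int(batch.group(1))
            continue

        fix = REPAIR.match(msg)
        if fix:
            directory = fix.group('dir')
            if directory.startswith('\\??\\'):   # strip the NT object prefix
                directory = directory[4:]
            path = directory + '\\' + fix.group('name')
            entry = repaired.setdefault(
                path, {'first_seen': line.group('ts'), 'attempts': 0})
            entry['attempts'] += 1
            continue

        if 'reboot is required' in msg.lower():
            reboot_required = True

    return {'components_verified': verified,
            'repaired': repaired,
            'reboot_required': reboot_required}


if __name__ == '__main__':
    result = summarize_sfc(SAMPLE_LOG)
    for path, info in result['repaired'].items():
        print(path, info)
    print('reboot required:', result['reboot_required'])
```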
 


I noticed the user32.dll message in the log and rebooted after running sfc. I got no error messages, Malwarebytes and Kaspersky loaded and I can open programs now. Thank you very much Adam!

 

What else do I need to do to ensure that the PC is completely clean and safe?


Good job. 

Let's check for remnants.

 

STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

 

 

STEP 2
Update/Remove Java

  • Download the latest version of Java from here (watch out for "Optional Offers" during the update process).
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Java 7 Update 67
  • Follow the prompts, and reboot if necessary. 
     

STEP 3
Malwarebytes Anti-Malware (MBAM)

  • Please download the updated Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and click Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 4
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did Java update/remove successfully? 
  • MBAM Scan log
  • ESET Online Scan log

I was able to remove and update Java successfully. I used Malwarebytes Premium, which I have installed on this machine, to do the MBAM scan, I hope that's okay.

Below are the MBAM and ESET logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/18/2014
Scan Time: 8:03:37 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.18.07
Rootkit Database: v2014.10.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357999
Time Elapsed: 3 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

C:\FRST\Quarantine\C\Users\Alan\AppData\Local\Temp\AskSLib.dll.xBAD    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\FRST\Quarantine\C\Windows\SysWOW64\User32.dll.xBAD    Win32/Bamital.GC trojan
C:\Users\Alan\AppData\Local\Temp\8p5Z6q_l.exe.part    a variant of Win32/DealPly.I potentially unwanted application
C:\Users\Alan\AppData\Local\Temp\fPfGiFmg.exe.part    a variant of Win32/DealPly.I potentially unwanted application
C:\Users\Alan\AppData\Local\Temp\fox1F08.tmp\Foxit Reader Setup.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Alan\AppData\Local\Temp\NeroInstallFiles\NERO20120608083716776\ISSetupPrerequisites\neroAskToolbar\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Alan\AppData\Local\Temp\NeroInstallFiles\NERO20120608083716776\ISSetupPrerequisites\neroAskToolbar\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Alan\AppData\Local\Temp\NeroInstallFiles\NERO20120608083716776\ISSetupPrerequisites\neroAskToolbar\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Alan\AppData\Local\Temp\NeroInstallFiles\NERO20120608083716776\ISSetupPrerequisites\neroAskToolbar\AskToolbarNRO.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Alan\AppData\Local\Temp\NeroInstallFiles\NERO20120608083716776\ISSetupPrerequisites\neroAskToolbar\AskToolbarNRO3.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\Program Files\Install files\DriverMax\drivermax_7_21_cnet_dealply.exe    a variant of Win32/DealPly.I potentially unwanted application
F:\Program Files\Install files\PowerISO\PowerISO5.exe    Win32/OpenCandy potentially unsafe application
F:\Program Files\Install files\Unlocker\Unlocker1.9.2.exe    a variant of Win32/Toolbar.Babylon.E potentially unwanted application

Link to post
Share on other sites

Hello, 
 
Did you run AdwCleaner? 
 
Please provide an update on your computer after carrying out the following steps. Are there any outstanding issues?
 

I was able to remove and update Java successfully. I used Malwarebytes Premium, which I have installed on this machine, to do the MBAM scan, I hope that's okay.

Yes, that's fine. The reason for providing you a download link is because your version of MBAM is outdated. I suggest downloading the updated version on top of your current version.  

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    F:\Program Files\Install files\DriverMax\drivermax_7_21_cnet_dealply.exe
    F:\Program Files\Install files\PowerISO\PowerISO5.exe
    F:\Program Files\Install files\Unlocker\Unlocker1.9.2.exe
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Farbar Service Scanner (FSS)

  • Please download FSS and save the file to your Desktop.
  • Right-Click FSS.exe and select Run as administrator to run the programme.
  • Ensure the following items are checked:
    • [six checkbox options, shown as images in the original post]
  • Click Scan.
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • FSS.txt
  • How is your computer performing?
Link to post
Share on other sites

Oh yes, I did run AdwCleaner. The log for that is below and the Fixlog and FSS log are below that.

The PC seems to be running fine now. I'm not encountering any errors or unusual behavior. If I install the updated version of MBAM over my outdated version, will I lose the premium license?

 

Do you recommend running Windows Defender?

# AdwCleaner v4.000 - Report created 18/10/2014 at 19:47:46
# DB v2014-10-17.9
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Alan - ALANS_COMPUTER
# Running from : F:\Users\Alan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\END

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [922 octets] - [18/10/2014 19:44:29]
AdwCleaner[s0].txt - [798 octets] - [18/10/2014 19:47:46]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [857 octets] ##########

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-10-2014 01
Ran by Alan at 2014-10-19 11:07:54 Run:2
Running from F:\Users\Alan\Desktop
Loaded Profiles: Alan & ntp (Available profiles: Alan & ntp)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
F:\Program Files\Install files\DriverMax\drivermax_7_21_cnet_dealply.exe
F:\Program Files\Install files\PowerISO\PowerISO5.exe
F:\Program Files\Install files\Unlocker\Unlocker1.9.2.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************

F:\Program Files\Install files\DriverMax\drivermax_7_21_cnet_dealply.exe => Moved successfully.
F:\Program Files\Install files\PowerISO\PowerISO5.exe => Moved successfully.
F:\Program Files\Install files\Unlocker\Unlocker1.9.2.exe => Moved successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 4.6 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Farbar Service Scanner Version: 21-07-2014
Ran by Alan (administrator) on 19-10-2014 at 11:15:26
Running from "F:\Users\Alan\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Link to post
Share on other sites
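
When a Fixlog.txt comes back, the useful check is that every line of the fixlist produced a result. The sketch below is an added example, not part of the thread and not FRST's own code; it assumes only the log layout visible in the Fixlog above, and the function names and the one unmatched path are constructed for illustration.

```python
import re

# Abbreviated from the Fixlog posted above; the last fixlist path and its
# missing result line are constructed to show the failure case.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
start
F:\Program Files\Install files\PowerISO\PowerISO5.exe
CMD: ipconfig /flushdns
EmptyTemp:
F:\constructed\example-missing.exe
end
*****************
F:\Program Files\Install files\PowerISO\PowerISO5.exe => Moved successfully.
=========  ipconfig /flushdns =========
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => Removed 4.6 GB temporary data.
"""

def split_fixlog(text):
    """Split a Fixlog into (fixlist directives, result lines after 'end')."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = lines.index("start")          # ValueError if the fixlist is absent
    end = lines.index("end", start)
    return ([ln for ln in lines[start + 1:end] if ln],
            [ln for ln in lines[end + 1:] if ln])

def audit_fixlog(text):
    """Map every fixlist directive to its logged outcome, or 'NO RESULT'."""
    directives, results = split_fixlog(text)
    report = {}
    for d in directives:
        if d.upper().startswith("CMD:"):
            # CMD output sits between '=========  <cmd> =========' and 'End of CMD:'.
            head = re.compile(r"^=+\s*" + re.escape(d[4:].strip()) + r"\s*=+$")
            idx = next((i for i, ln in enumerate(results) if head.match(ln)), None)
            if idx is None:
                report[d] = "NO RESULT"
                continue
            body = []
            for ln in results[idx + 1:]:
                if ln.startswith("========= End of CMD"):
                    break
                body.append(ln)
            report[d] = " ".join(body) or "(no output)"
        else:
            # Paths and keywords such as EmptyTemp: log '<directive> => <outcome>'.
            hit = next((ln for ln in results if ln.startswith(d + " => ")), None)
            report[d] = hit[len(d) + 4:] if hit else "NO RESULT"
    return report

def unprocessed(text):
    return [d for d, r in audit_fixlog(text).items() if r == "NO RESULT"]
```

Any directive returned by `unprocessed()` was in the fixlist but has no matching line in the log, which is the case worth asking the user about before moving on.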

Hi Alan, 
 

If I install the updated version of MBAM over my outdated version, will I lose the premium license?

No, that won't happen. You can read about the updated version here.

 

Let's update your vulnerable software to reduce the risk of reinfection. 

 

STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 3
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
Link to post
Share on other sites

Adam, I just wanted to thank you again for all the time you've spent helping me. I very much appreciate it.

 

I updated MBAM, Adobe Flash Player, Firefox and Thunderbird to the latest versions.

 

When I attempted step 2, I got an error message saying that it could not find javacpl or that the path did not exist.

 

The checkup.txt log is below:

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Java 8 Update 25  
 Java version out of Date!
 Adobe Flash Player 15.0.0.152  
 Mozilla Firefox (33.0)
 Mozilla Thunderbird (31.2.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 All Users Application Data Kaspersky Lab avp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Good job!

Subject to no further issues, this concludes our work here. Now for the good news!

 

All Clean!
Congratulations, your computer appears clean!
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 

 

STEP 1
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus. 
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file. 
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs. 
  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing.
Adam (LiquidTension).

Link to post
Share on other sites

Hi Adam, I have no outstanding issues and I am very happy to have my computer back healthy and running again. Thank you very much for all your help! You are a lifesaver. I can't thank you enough for all your time and effort. Thank you very very much.

 

Best regards,

Alan

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
