been reading posts here, note the answers are individually given so thought I had best start a new post.

Windows 7 desktop. Malwarebytes Pro quarantined some files, I agreed to actions. files deleted and told needed to restart. Clicked on agreement. Came back on, windows start logo then black screen with moving cursor.

 

Have tried the following:

  1. System repair - after it said was successful rebooted to black screen
  2. Tried safe mode - runs files then black screen
  3. Ditto safe mode with networking
  4. Windows installation disk repair - by which time I realised monitor not the problem, must be virus
  5. I have downloaded frst and have frst.txt log and have attached it: FRST.txt

Please can someone help me - I do admin for volunteer group and need to be able to use pc

 

thanks in advance!

 

 

Hello tasnan49, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic, using the button at the top of the page.
     

======================================================

 

Enter the Recovery Environment as you did before, and run FRST. 

 

Farbar Recovery Scan Tool (FRST) Search

  • Type the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • Upon completion, a log (Search.txt) will be saved to your USB drive.
  • Copy the contents of the log and paste in your next reply.

Hi Adam, I'm Judy and am in Tasmania Australia. Thanks for helping. Have run FRST per instructions and search.txt is below:

Farbar Recovery Scan Tool (x86) Version: 27-10-2014 01
Ran by SYSTEM at 2014-10-29 22:13:44
Running from E:\
Boot Mode: Recovery
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2012-04-21 19:07][2010-11-20 04:21] 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F
 
C:\Windows\erdnt\cache\rpcss.dll
[2014-01-22 04:15][2010-11-20 04:21] 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF
 
X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F
 
X:\Windows\System32\rpcss.dll
[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F
 
X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F
 
X:\Windows\System32\rpcss.dll
[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F
 
=== End Of Search ===

Please do the following, Judy. 

 

FRST Recovery Environment Script

  • Using your clean PC, press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2010-11-20] (Microsoft Corporation)
    HKU\removevirus\...\Run: [mskhet] => "C:\Windows\System32\rundll32.exe" "C:\Users\JUDY\AppData\Roaming\mskhet.dll",set_tRNS <===== ATTENTION
    C:\Users\JUDY\AppData\Roaming\mskhet.dll
    C:\Users\JUDY\AppData\Local\Temp\ytaiesmt.exe
    Replace: C:\Windows\erdnt\cache\rpcss.dll C:\Windows\System32\rpcss.dll
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Save the file to your USB drive.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Enter the Recovery Environment just as you did before.
  • Run FRST just as you did before.
  • Click the Fix button once.
  • A log (Fixlog.txt) will be created on your USB drive.
  • Boot into Windows. 
  • Copy the contents of Fixlog.txt and paste in your next reply. 

did what you said,  booted into Windows, took a long time to load, even after login, now I'm in, says  Malwarebytes realtime protection is disabled clicking Fix Now does not work, not game to scan now or reboot as that is what happened before

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-10-2014 01
Ran by SYSTEM at 2014-10-30 00:11:38 Run:1
Running from e:\
Boot Mode: Recovery
 
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2010-11-20] (Microsoft Corporation)
HKU\removevirus\...\Run: [mskhet] => "C:\Windows\System32\rundll32.exe" "C:\Users\JUDY\AppData\Roaming\mskhet.dll",set_tRNS <===== ATTENTION
C:\Users\JUDY\AppData\Roaming\mskhet.dll
C:\Users\JUDY\AppData\Local\Temp\ytaiesmt.exe
Replace: C:\Windows\erdnt\cache\rpcss.dll C:\Windows\System32\rpcss.dll
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2010-11-20] (Microsoft Corporation) => Value not found.
HKU\removevirus\Software\Microsoft\Windows\CurrentVersion\Run\\mskhet => value deleted successfully.
"C:\Users\JUDY\AppData\Roaming\mskhet.dll" => File/Directory not found.
C:\Users\JUDY\AppData\Local\Temp\ytaiesmt.exe => Moved successfully.
Could not find C:\Windows\System32\rpcss.dll
C:\Windows\erdnt\cache\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
 
==== End of Fixlog ====
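The Search.txt log and the `Replace:` line in the fixlist above can be cross-checked mechanically. The following Python is an added example, not part of the original thread and not FRST's own code: it parses the posted search output, confirms the target file is missing from the installed system, and accepts a replacement source only if its MD5 matches a copy in that system's WinSxS component store. The function names are hypothetical, and it assumes the WinSxS folder name carries the component version and that `X:` is the recovery environment's own drive rather than the installed system.

```python
import re

# Search.txt as posted in this thread (blank lines and duplicate X: entries kept).
SEARCH_LOG = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2012-04-21 19:07][2010-11-20 04:21] 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

C:\Windows\erdnt\cache\rpcss.dll
[2014-01-22 04:15][2010-11-20 04:21] 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

X:\Windows\System32\rpcss.dll
[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

X:\Windows\System32\rpcss.dll
[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

=== End Of Search ===
"""

PATH_LINE = re.compile(r"^[A-Za-z]:\\")
DETAIL_LINE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# Assumption: the component version sits before "_none_" in the WinSxS folder name.
VERSION = re.compile(r"_(\d+(?:\.\d+){3})_none_")


def parse_search_log(text):
    """Return one entry per unique path: a path line followed by its detail line."""
    entries, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            pending = line
            continue
        detail = DETAIL_LINE.match(line)
        if detail and pending:
            entry = detail.groupdict()
            entry.update(path=pending, size=int(entry["size"]), md5=entry["md5"].upper())
            entries.setdefault(pending.lower(), entry)  # drop repeated listings
        pending = None
    return list(entries.values())


def pick_replacement(entries, target, system_drive="C:"):
    """Pick a copy outside WinSxS whose MD5 matches a component-store copy on the
    same drive. Returns None if the target exists or no copy can be vouched for."""
    on_system = [e for e in entries if e["path"].lower().startswith(system_drive.lower())]
    if any(e["path"].lower() == target.lower() for e in on_system):
        return None  # file is present: compare its hash instead of replacing it
    store = {}  # md5 -> highest component version carrying that hash
    for e in on_system:
        found = VERSION.search(e["path"])
        if "\\winsxs\\" in e["path"].lower() and found:
            ver = tuple(int(p) for p in found.group(1).split("."))
            store[e["md5"]] = max(ver, store.get(e["md5"], ver))
    if not store:
        return None
    newest, best = max(store.values()), None
    for e in on_system:
        ver = store.get(e["md5"])
        if "\\winsxs\\" in e["path"].lower() or ver is None:
            continue
        if best is None or ver > best["_ver"]:
            best = {
                "source": e["path"],
                "md5": e["md5"],
                "version": ".".join(map(str, ver)),
                "is_newest": ver == newest,
                "directive": f"Replace: {e['path']} {target}",
                "_ver": ver,
            }
    if best:
        del best["_ver"]
    return best


if __name__ == "__main__":
    found = parse_search_log(SEARCH_LOG)
    print(pick_replacement(found, r"C:\Windows\System32\rpcss.dll"))
```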

Good progress, Judy. 

Please proceed with the following. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) and save the file to your Desktop.
  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached)

ok here we are

 

 
 
LastRegBack: 2014-10-26 00:12
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2014
Ran by JUDY at 2014-10-30 01:34:41
Running from C:\Users\JUDY\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: System Shield (Enabled - Up to date) {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: System Shield (Enabled - Up to date) {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AUSkey software 1.4.4 (HKLM\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AVSDK5 (Version: 5.4.11 - CYREN Inc.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Cashbook Complete (HKLM\...\Cashbook Complete) (Version:  - )
CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.11.29 - Dropbox, Inc.)
EasyRotator Wizard (HKLM\...\com.dwuser.erwizard.EasyRotatorWizard) (Version: 1.0.124 - Magnetic Marketing Corp)
EasyRotator Wizard (Version: 1.0.124 - Magnetic Marketing Corp) Hidden
eM Client (HKLM\...\{8A33684C-A2EF-4A49-A4A9-BD6EF80EC12A}) (Version: 6.0.21040.0 - eM Client Inc.)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESSBrwr (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESScore (Version: 7.00.0000.0008 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSini (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
e-tax 2013 (HKLM\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.7.491 - Australian Taxation Office)
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
Fences 2 (HKLM\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Fotosizer 2.08 (HKLM\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)
GanttProject (HKLM\...\GanttProject) (Version:  - )
GIMP 2.6.12-2 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Internode Monthly Usage Meter 8.2a (HKLM\...\Internode Monthly Usage Meter_is1) (Version:  - )
iolo technologies' System Mechanic Professional (HKLM\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.0.1 - iolo technologies, LLC)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
Kobo (HKLM\...\Kobo) (Version: 3.0.4 - Kobo Inc.)
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Korean Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Lyrics Plugin for Windows Media Player (HKLM\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MariusSoft Bulk Image Resizer (HKLM\...\{DE563E12-A92C-4547-A3E4-D93D744164D7}) (Version: 1.0.0 - MariusSoft LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
OfotoXMI (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
OverDrive Media Console (HKLM\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)
PASSAGE 3 (English version) (HKLM\...\P3E) (Version:  - )
Password Generator (remove only) (HKCU\...\Password Generator) (Version:  - WinCatalog.com)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Project Viewer 2010 SP1 (HKLM\...\{E0993C3B-5CCB-4160-A9CE-86604DAC20BE}) (Version: 17.3.0 - Viewer Central)
PSPad editor (HKLM\...\PSPad editor_is1) (Version:  - Jan Fiala)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) Hidden
SHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Snap.Do (HKLM\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION
staticcr (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
System Mechanic 14 Professional (Version: 14.0.1 - ) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
tooltips (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Videora iPod Converter 6 (HKLM\...\Videora iPod Converter) (Version: 6 - Red Kawa)
VPRINTOL (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
WD SmartWare (HKLM\...\{A6813E19-244A-476E-8AE5-A1176739EEE5}) (Version: 1.6.0.25 - Western Digital)
Web Assistant 2.0.0.445 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version:  - IB) <==== ATTENTION
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WIRELESS (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
WOW Slider (HKLM\...\WOW Slider_is1) (Version:  - )
XAMPP 1.7.7 (HKLM\...\xampp) (Version:  - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo!7 Messenger (HKLM\...\Yahoo!7 Messenger) (Version:  - Yahoo! Inc.)
YouTube Downloader App 3.00 (HKLM\...\YouTube Downloader App) (Version: 3.00 - Regensoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
21-10-2014 09:36:54 Windows Update
24-10-2014 18:27:59 Windows Update
25-10-2014 13:00:33 Windows Backup
28-10-2014 19:29:04 Windows Update
29-10-2014 13:20:15 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 21:23 - 2014-01-22 23:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {21F2886D-9563-41E3-B8C5-95BDB221CDC5} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()
Task: {3674A452-9074-4D18-87C3-FC55398DB483} - System32\Tasks\HP AR Program Upload - 9bcc7fd55bd04f98b9848c21cb4fee10f8d5d3240f3c44208ada20b20a7f0d85 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {386DF063-9C35-431D-8683-E9DAE84E9651} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()
Task: {391BB1EF-867C-4839-9B8C-396910A5E44D} - System32\Tasks\HP AR Program Upload - 6f2b85e691014a32b2dbda37ff2ee6c4a392746e39ef41818d4e9e816a03fa2d => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {4340CFFD-14FB-4CE8-B7EC-49515E9964EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {46BCAA68-631E-4472-88AA-CD63784E78D4} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {745039D9-7BF1-41E3-97D2-5B60E330E2DB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {75E37D6C-CBC4-493F-B1B7-483D95D6B643} - System32\Tasks\HP AR Program Upload - 6a1b909d73cf47668c635d1b70c737f0df200fce71c9499d8fe5fa4d11bad297 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {7C2A209A-4AFB-4724-B6CD-66C82A14B26D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9A8E8E42-C684-45C0-9DCD-FF01AAC4010E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {AAA198E8-4C59-41D6-A68D-0D6BCBB3FEB5} - System32\Tasks\iolo Process Governor => C:\Program Files\iolo\System Mechanic Professional\iologovernor.exe [2014-08-13] (iolo technologies, LLC)
Task: {BF0BDD64-C447-4609-A36B-1B1CA457F183} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
Task: {CD262629-5463-42A9-8239-3C2F3552F4DB} - System32\Tasks\HP AR Program Upload - af41b27368bd45959bdc19a601e84794810127de4b2249b3be3a20b59b9b1845 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {D0604AD8-A356-494A-B4B5-97352F740746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {D099DA58-58F1-493F-ACC4-4A3D663E8A8B} - \Windows Update Check - 0x127402C5 No Task File <==== ATTENTION
Task: {D947123D-86E4-49CF-8F49-F98144E956F7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F0AA8786-B93A-4845-B679-48E9B7228712} - System32\Tasks\eM Client Database Backup => C:\Program Files\eM Client\DbBackup.exe [2014-10-16] ()
Task: {F1A343BC-AB6D-4640-A1C3-BBB4ACE7B2E9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {F56D68F0-0162-4134-B52C-68906D1D09B3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {FC9F2ABD-785C-4736-B580-7F629C05BDAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-07 03:44 - 2014-09-07 03:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2012-04-21 15:00 - 2009-11-16 21:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll
2014-10-16 12:03 - 2014-10-16 12:03 - 00021504 _____ () C:\Program Files\eM Client\MailClient.Mapi.dll
2014-10-16 12:03 - 2014-10-16 12:03 - 00145408 _____ () C:\Program Files\eM Client\MailClient.Mail.dll
2012-04-26 12:45 - 2001-07-26 16:17 - 00692224 _____ () C:\Program Files\Internode\libeay32.dll
2012-04-26 12:45 - 2001-07-26 16:18 - 00151552 _____ () C:\Program Files\Internode\ssleay32.dll
2013-12-03 00:29 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2013-12-03 00:28 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 01042760 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 00211272 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 08910664 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 01681224 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: vseamps => 2
MSCONFIG\Services: vsedsps => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3679276584-3606042885-2229931398-500 - Administrator - Disabled)
Graham (S-1-5-21-3679276584-3606042885-2229931398-1007 - Administrator - Enabled) => C:\Users\Graham
Guest (S-1-5-21-3679276584-3606042885-2229931398-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3679276584-3606042885-2229931398-1005 - Limited - Enabled)
JUDY (S-1-5-21-3679276584-3606042885-2229931398-1000 - Administrator - Enabled) => C:\Users\JUDY
Public (S-1-5-21-3679276584-3606042885-2229931398-1006 - Limited - Enabled)
removevirus (S-1-5-21-3679276584-3606042885-2229931398-1003 - Administrator - Enabled) => C:\Users\removevirus
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/30/2014 00:15:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/29/2014 00:24:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/29/2014 00:22:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/28/2014 07:05:01 PM) (Source: MsiInstaller) (EventID: 11723) (User: JUDY-PC)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\Windows\Installer\MSI57F5.tmp
 
Error: (10/28/2014 07:05:00 PM) (Source: MsiInstaller) (EventID: 11723) (User: JUDY-PC)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationComplete, entry: InstallationComplete, library: C:\Windows\Installer\MSI53EF.tmp
 
Error: (10/28/2014 02:53:16 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
 
Error: (10/28/2014 02:53:16 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422
 
Error: (10/26/2014 02:58:48 PM) (Source: Chrome) (EventID: 1) (User: JUDY-PC)
Description: Chrome has encountered a fatal error.
ver=38.0.2125.104;lang=;guid=37CEA14469C349329A55BE0554D0AFA8;is_machine=0;oop=1;upload=1;minidump=C:\Users\JUDY\AppData\Local\Google\CrashReports\082d3734-7d83-457e-9dca-cb00ce7db10a.dmp
 
Error: (10/26/2014 00:40:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/26/2014 00:37:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (10/30/2014 01:34:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/30/2014 01:34:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/30/2014 01:33:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/30/2014 01:30:33 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (10/30/2014 01:10:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/30/2014 01:03:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/30/2014 01:02:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/30/2014 01:00:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/30/2014 00:59:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/30/2014 00:59:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (02/20/2013 10:50:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2013 10:32:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 884 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error: (09/20/2012 11:39:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2836 seconds with 1380 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-11 12:50:08.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHz
Percentage of memory in use: 61%
Total physical RAM: 3326.18 MB
Available physical RAM: 1295.14 MB
Total Pagefile: 6650.64 MB
Available Pagefile: 3997.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.01 GB) (Free:63.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 166E37A8)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

TDSSKiller.3.0.0.41_30.10.2014_01.50.23_log.txt


Thanks Adam. By mistake I attempted to boot to safe mode and run FRST, but of course that didn't work and was not what you meant. So the computer booted back on, very slow again, so that I thought I was back to a black screen again, but eventually it opened, though without Windows Explorer working. I have now done what you asked: right-clicked FRST and ran as administrator, checked Addition.txt, and here are the logs. Many thanks for your help, it is very appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014 01
Ran by JUDY (administrator) on JUDY-PC on 31-10-2014 04:09:37
Running from C:\Users\JUDY\Dropbox\Desktop
Loaded Profile: JUDY (Available profiles: JUDY & removevirus & Graham)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: "https://www.google.com.au/webhp?"
CHR Profile: C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Web Developer) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2012-04-20]
CHR Extension: (ColorZilla) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2012-11-17]
CHR Extension: (YouTube) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2012-04-20]
CHR Extension: (QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cicimfkkbejhggfjaabggafffgdnjgjp [2012-08-29]
CHR Extension: (Google Search) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20]
CHR Extension: (20-20 3D Viewer for Virtual Studio) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc [2014-01-11]
CHR Extension: (Lorem Ipsum Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpfoncmmihgkooacnplecaopcefceam [2012-08-29]
CHR Extension: (Google Earth The Instant Way) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpifhlbldgbpgcgpcmiakanpghoddbme [2012-05-12]
CHR Extension: (The QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2012-08-29]
CHR Extension: (Hola Better Internet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-01]
CHR Extension: (Pin It Button) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-24]
CHR Extension: (New Tab Redirect) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-08-14]
CHR Extension: (ManageWP) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfehlfmidmihiohmobbfnbpgkckijbjj [2012-08-06]
CHR Extension: (HTML5 Web Development IDE) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheidghjolippfddjfloeinafjkcgcic [2012-11-17]
CHR Extension: (Google Maps) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-05-12]
CHR Extension: (Google Wallet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (SEO for Chrome) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2012-04-20]
CHR Extension: (Gmail) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JUDY\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-04]
CHR StartMenuInternet: Google Chrome - C:\Users\JUDY\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S4 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-10] ()
S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )
S4 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)
S4 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-24] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
S3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28256 2014-08-13] (EldoS Corporation)
R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-01-15] ()
S0 bdgw; System32\drivers\gjavkl.sys [X]
S3 catchme; \??\C:\Users\JUDY\AppData\Local\Temp\catchme.sys [X]
S1 FileDisk; No ImagePath
S0 kdcmo; System32\drivers\ejrh.sys [X]
S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [X]
S0 tqqe; System32\drivers\hpue.sys [X]
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]
S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-30 19:11 - 2010-11-20 23:21 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-10-30 11:11 - 2014-10-31 04:09 - 00000000 ____D () C:\FRST
2014-10-30 01:46 - 2014-10-30 01:46 - 00000097 _____ () C:\Users\JUDY\Desktop\FRST.txt
2014-10-30 00:55 - 2014-10-30 00:56 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\JUDY\Desktop\tdsskiller.exe
2014-10-30 00:54 - 2014-10-30 01:46 - 00044517 _____ () C:\Users\JUDY\Desktop\Addition.txt
2014-10-30 00:49 - 2014-10-30 00:49 - 01105408 _____ (Farbar) C:\Users\JUDY\Desktop\FRST.exe
2014-10-29 19:19 - 2014-10-29 19:24 - 00000000 ____D () C:\.Trash-999
2014-10-28 19:02 - 2014-10-28 19:02 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games
2014-10-28 19:01 - 2014-10-28 19:01 - 00225504 _____ () C:\Users\JUDY\Downloads\FreeMahjongGamesSetup-N8mdJBEcO.exe
2014-10-28 14:53 - 2014-10-28 14:53 - 00000000 ____D () C:\Users\JUDY\AppData\Local\{A323528A-2121-4BB8-B742-20C0B4681180}
2014-10-27 13:05 - 2014-10-27 13:05 - 00056376 _____ () C:\Users\JUDY\.recently-used.xbel
2014-10-26 15:24 - 2014-10-26 15:26 - 25491968 _____ () C:\Users\JUDY\Desktop\Steamfest 2014 - Exhibits & Stall Holders (Mick Smith's conflicted copy 2014-03-05).xls
2014-10-21 15:17 - 2014-10-21 15:17 - 00000000 ____D () C:\Users\JUDY\Documents\Red Kawa
2014-10-21 15:17 - 2014-10-21 15:17 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Red Kawa
2014-10-21 13:33 - 2014-10-21 13:33 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Regensoft
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Users\JUDY\Documents\Regensoft
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Regensoft
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Program Files\Regensoft
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Program Files\AviSynth 2.5
2014-10-21 13:27 - 2014-10-21 13:27 - 00002156 _____ () C:\Users\Public\Desktop\Videora iPod Converter.lnk
2014-10-21 13:27 - 2014-10-21 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Kawa
2014-10-21 13:27 - 2014-10-21 13:27 - 00000000 ____D () C:\Program Files\Red Kawa
2014-10-16 07:50 - 2014-10-16 07:50 - 01054912 _____ (Adobe) C:\Users\JUDY\Desktop\install_flashplayer15x32au_ltr5x32d_awc_aih.exe
2014-10-15 18:27 - 2014-06-27 12:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-15 17:51 - 2014-09-18 12:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 17:51 - 2014-06-25 12:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-15 17:51 - 2014-06-24 13:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-15 17:50 - 2014-09-25 12:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-15 17:50 - 2014-09-05 12:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 17:50 - 2014-08-01 22:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 17:50 - 2014-07-09 09:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 17:49 - 2014-09-10 08:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-15 17:35 - 2014-09-29 11:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 17:32 - 2014-09-04 16:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 17:31 - 2014-07-17 12:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 17:31 - 2014-07-17 12:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 17:31 - 2014-07-17 12:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 17:31 - 2014-07-17 12:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 17:31 - 2014-07-17 12:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 17:31 - 2014-07-17 12:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 17:30 - 2014-07-17 12:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 17:30 - 2014-07-17 12:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 17:29 - 2014-10-07 13:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 17:29 - 2014-09-26 09:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 17:29 - 2014-09-26 09:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 17:29 - 2014-09-26 09:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 17:29 - 2014-09-26 09:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 17:29 - 2014-09-26 09:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 17:29 - 2014-09-19 12:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 17:29 - 2014-09-19 12:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 17:29 - 2014-09-19 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 17:29 - 2014-09-19 12:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 17:29 - 2014-09-19 12:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 17:29 - 2014-09-19 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 17:29 - 2014-09-19 12:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 17:29 - 2014-09-19 11:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 17:29 - 2014-09-19 11:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 17:29 - 2014-09-19 11:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 17:29 - 2014-09-19 11:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 17:29 - 2014-09-19 11:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 17:29 - 2014-09-19 11:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 17:29 - 2014-09-19 11:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 17:29 - 2014-09-19 11:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 17:29 - 2014-09-19 11:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 17:29 - 2014-09-19 11:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 17:29 - 2014-09-19 11:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 17:29 - 2014-09-19 11:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 17:29 - 2014-09-19 11:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 17:29 - 2014-09-19 11:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 17:29 - 2014-09-19 10:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 17:29 - 2014-09-19 10:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 17:29 - 2014-09-19 10:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 17:29 - 2014-06-19 09:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 17:29 - 2014-06-19 09:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 17:29 - 2014-06-19 09:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 17:28 - 2014-09-13 12:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 17:28 - 2014-08-29 12:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 17:27 - 2014-07-07 12:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 17:27 - 2014-07-07 12:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 17:27 - 2014-07-07 12:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 17:27 - 2014-06-28 11:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 17:27 - 2014-06-28 11:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 17:27 - 2014-06-28 11:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 17:26 - 2014-08-19 13:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 17:26 - 2014-08-19 13:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 17:26 - 2014-08-19 13:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 17:26 - 2014-08-19 13:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 17:26 - 2014-08-19 13:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 17:26 - 2014-08-19 12:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 17:26 - 2014-07-07 12:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 17:26 - 2014-07-07 12:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 17:26 - 2014-07-07 12:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 17:26 - 2014-07-07 12:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 17:26 - 2014-07-07 12:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 17:26 - 2014-07-07 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 18:30 - 2014-10-14 18:30 - 00474271 _____ () C:\Users\JUDY\Desktop\Dimensions.xlsx
2014-10-13 13:25 - 2014-10-30 00:15 - 00000408 _____ () C:\Windows\system32\iolo.ini
2014-10-13 13:10 - 2014-10-13 13:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-10 09:02 - 2014-10-10 09:02 - 00007435 _____ () C:\Users\JUDY\Desktop\2014-June.txt.gz
2014-10-09 20:33 - 2014-10-09 20:33 - 00000000 ____D () C:\Users\JUDY\Desktop\2014+TasTourismAwards+Finalist+Logos
2014-10-09 13:35 - 2014-10-09 13:35 - 00000064 _____ () C:\Users\JUDY\Desktop\Steamfest call tracker.laccdb
2014-10-07 14:44 - 2014-10-07 14:44 - 00000000 ____D () C:\Users\JUDY\NZBDriveCache
2014-10-07 14:37 - 2014-10-07 14:37 - 00000000 ____D () C:\Users\JUDY\AppData\Local\ByteFountain
2014-10-07 14:35 - 2014-10-07 15:00 - 00000000 ____D () C:\Program Files\NZBDrive
2014-10-07 14:35 - 2014-01-08 23:34 - 00051712 _____ () C:\Windows\system32\dokanx.dll
2014-10-07 14:27 - 2014-10-07 14:28 - 05194104 _____ (ByteFountain ) C:\Users\JUDY\Desktop\nzbdrive-setup-1.1.1-win.exe
2014-10-06 16:42 - 2014-10-06 16:43 - 00000000 ____D () C:\Users\JUDY\Desktop\TOSHIBA
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-31 04:04 - 2012-06-11 00:49 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\eM Client
2014-10-31 03:30 - 2014-07-07 23:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-31 03:28 - 2012-04-20 22:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job
2014-10-31 03:00 - 2012-04-20 20:36 - 01623055 _____ () C:\Windows\WindowsUpdate.log
2014-10-31 01:39 - 2012-12-20 11:11 - 00000000 ____D () C:\Users\JUDY\Documents\eM Client
2014-10-30 21:07 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-30 21:07 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-30 21:04 - 2012-04-20 20:43 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-30 21:01 - 2013-12-08 22:31 - 00000478 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job
2014-10-30 21:01 - 2013-12-08 22:31 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-10-30 21:00 - 2014-09-27 22:25 - 00046738 _____ () C:\Windows\setupact.log
2014-10-30 21:00 - 2014-09-16 13:42 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-30 21:00 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 20:59 - 2012-04-20 20:33 - 02521000 _____ () C:\Windows\PFRO.log
2014-10-30 12:34 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-30 12:16 - 2013-07-04 01:39 - 00000000 ____D () C:\Program Files\etax2013
2014-10-30 11:15 - 2012-05-09 17:30 - 00000000 ___RD () C:\Users\JUDY\Dropbox
2014-10-30 09:11 - 2012-04-21 14:19 - 00000000 ____D () C:\Users\JUDY\Documents\WEB DESIGN TOOLS
2014-10-30 07:52 - 2014-07-10 11:11 - 00000000 ____D () C:\Users\Graham
2014-10-30 07:52 - 2013-03-26 21:57 - 00000000 ____D () C:\Users\removevirus
2014-10-30 07:52 - 2012-04-21 15:00 - 00000000 ____D () C:\Program Files\PSPad editor
2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\registration
2014-10-30 07:21 - 2013-10-24 09:54 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-30 07:21 - 2012-05-09 16:35 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Dropbox
2014-10-30 05:28 - 2012-04-20 22:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job
2014-10-30 03:24 - 2012-05-20 01:17 - 00000000 ____D () C:\Users\JUDY\AppData\Local\Western_Digital
2014-10-30 00:15 - 2012-04-20 23:18 - 00000392 _____ () C:\Windows\system32\iolo.ini.txt
2014-10-30 00:14 - 2012-04-20 20:30 - 00000000 ____D () C:\Users\JUDY
2014-10-29 09:32 - 2012-04-21 14:45 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\FileZilla
2014-10-27 18:39 - 2012-04-21 15:44 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2014-10-27 13:06 - 2014-09-17 18:04 - 00000000 ____D () C:\Users\JUDY\.gimp-2.6
2014-10-26 22:21 - 2012-04-22 19:52 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\gtk-2.0
2014-10-24 17:19 - 2012-04-21 13:45 - 00000000 ____D () C:\Users\JUDY\Documents\Cashbook Data
2014-10-24 17:19 - 2012-04-21 13:44 - 00000000 ____D () C:\ProgramData\Cashbook Complete
2014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2014
2014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Program Files\etax2014
2014-10-23 09:03 - 2013-07-08 18:15 - 00016896 ___SH () C:\Users\JUDY\Thumbs.db
2014-10-21 16:07 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\PLA
2014-10-17 10:04 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 09:56 - 2012-06-11 00:48 - 00000924 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2014-10-17 09:56 - 2012-06-11 00:48 - 00000000 ____D () C:\Program Files\eM Client
2014-10-15 20:20 - 2009-07-14 15:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 20:08 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\rescache
2014-10-15 19:26 - 2014-07-07 22:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-15 19:26 - 2009-07-14 15:33 - 02355440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 18:32 - 2012-04-21 21:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 18:23 - 2013-08-15 04:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 18:08 - 2012-04-22 10:17 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 14:22 - 2012-09-03 12:47 - 00000000 ____D () C:\Users\JUDY\Documents\My Kindle Content
2014-10-14 08:54 - 2014-07-07 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Adobe
2014-10-13 09:22 - 2014-09-29 10:51 - 01802240 _____ () C:\Users\JUDY\Documents\RWCSHS.accdb
2014-10-10 18:43 - 2013-02-23 13:54 - 00000000 ___SD () C:\Users\JUDY\Documents\My Data Sources
2014-10-02 15:53 - 2012-04-20 21:13 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 11:11 - 2014-07-07 22:55 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-07-07 22:55 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-01-21 09:21 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
Some content of TEMP:
====================
C:\Users\JUDY\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0rktla.dll
C:\Users\JUDY\AppData\Local\temp\FreeMahjong.exe
C:\Users\JUDY\AppData\Local\temp\setup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-26 00:12
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2014 01
Ran by JUDY at 2014-10-31 04:10:36
Running from C:\Users\JUDY\Dropbox\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AUSkey software 1.4.4 (HKLM\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Cashbook Complete (HKLM\...\Cashbook Complete) (Version:  - )
CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.11.30 - Dropbox, Inc.)
EasyRotator Wizard (HKLM\...\com.dwuser.erwizard.EasyRotatorWizard) (Version: 1.0.124 - Magnetic Marketing Corp)
EasyRotator Wizard (Version: 1.0.124 - Magnetic Marketing Corp) Hidden
eM Client (HKLM\...\{8A33684C-A2EF-4A49-A4A9-BD6EF80EC12A}) (Version: 6.0.21040.0 - eM Client Inc.)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESSBrwr (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESScore (Version: 7.00.0000.0008 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSini (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
Fences 2 (HKLM\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Fotosizer 2.08 (HKLM\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)
GanttProject (HKLM\...\GanttProject) (Version:  - )
GIMP 2.6.12-2 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Internode Monthly Usage Meter 8.2a (HKLM\...\Internode Monthly Usage Meter_is1) (Version:  - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
Kobo (HKLM\...\Kobo) (Version: 3.0.4 - Kobo Inc.)
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Korean Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Lyrics Plugin for Windows Media Player (HKLM\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MariusSoft Bulk Image Resizer (HKLM\...\{DE563E12-A92C-4547-A3E4-D93D744164D7}) (Version: 1.0.0 - MariusSoft LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
OfotoXMI (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
OverDrive Media Console (HKLM\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)
PASSAGE 3 (English version) (HKLM\...\P3E) (Version:  - )
Password Generator (remove only) (HKCU\...\Password Generator) (Version:  - WinCatalog.com)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Project Viewer 2010 SP1 (HKLM\...\{E0993C3B-5CCB-4160-A9CE-86604DAC20BE}) (Version: 17.3.0 - Viewer Central)
PSPad editor (HKLM\...\PSPad editor_is1) (Version:  - Jan Fiala)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) Hidden
SHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Snap.Do (HKLM\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION
staticcr (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
tooltips (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Videora iPod Converter 6 (HKLM\...\Videora iPod Converter) (Version: 6 - Red Kawa)
VPRINTOL (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
WD SmartWare (HKLM\...\{A6813E19-244A-476E-8AE5-A1176739EEE5}) (Version: 1.6.0.25 - Western Digital)
Web Assistant 2.0.0.445 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version:  - IB) <==== ATTENTION
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WIRELESS (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
WOW Slider (HKLM\...\WOW Slider_is1) (Version:  - )
XAMPP 1.7.7 (HKLM\...\xampp) (Version:  - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo!7 Messenger (HKLM\...\Yahoo!7 Messenger) (Version:  - Yahoo! Inc.)
YouTube Downloader App 3.00 (HKLM\...\YouTube Downloader App) (Version: 3.00 - Regensoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CA0-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CAB-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\InprocServer32 -> C:\Windows\system32\sysinfo.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D0-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D1-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
25-10-2014 13:00:33 Windows Backup
28-10-2014 19:29:04 Windows Update
29-10-2014 13:20:15 Windows Update
30-10-2014 01:15:53 Removed e-tax 2013
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 21:23 - 2014-01-22 23:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {21F2886D-9563-41E3-B8C5-95BDB221CDC5} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()
Task: {3674A452-9074-4D18-87C3-FC55398DB483} - System32\Tasks\HP AR Program Upload - 9bcc7fd55bd04f98b9848c21cb4fee10f8d5d3240f3c44208ada20b20a7f0d85 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {386DF063-9C35-431D-8683-E9DAE84E9651} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()
Task: {391BB1EF-867C-4839-9B8C-396910A5E44D} - System32\Tasks\HP AR Program Upload - 6f2b85e691014a32b2dbda37ff2ee6c4a392746e39ef41818d4e9e816a03fa2d => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {4340CFFD-14FB-4CE8-B7EC-49515E9964EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {46BCAA68-631E-4472-88AA-CD63784E78D4} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {745039D9-7BF1-41E3-97D2-5B60E330E2DB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {75E37D6C-CBC4-493F-B1B7-483D95D6B643} - System32\Tasks\HP AR Program Upload - 6a1b909d73cf47668c635d1b70c737f0df200fce71c9499d8fe5fa4d11bad297 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {7C2A209A-4AFB-4724-B6CD-66C82A14B26D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9A8E8E42-C684-45C0-9DCD-FF01AAC4010E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {BF0BDD64-C447-4609-A36B-1B1CA457F183} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
Task: {CD262629-5463-42A9-8239-3C2F3552F4DB} - System32\Tasks\HP AR Program Upload - af41b27368bd45959bdc19a601e84794810127de4b2249b3be3a20b59b9b1845 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {D0604AD8-A356-494A-B4B5-97352F740746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {D099DA58-58F1-493F-ACC4-4A3D663E8A8B} - \Windows Update Check - 0x127402C5 No Task File <==== ATTENTION
Task: {D947123D-86E4-49CF-8F49-F98144E956F7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F0AA8786-B93A-4845-B679-48E9B7228712} - System32\Tasks\eM Client Database Backup => C:\Program Files\eM Client\DbBackup.exe [2014-10-16] ()
Task: {F1A343BC-AB6D-4640-A1C3-BBB4ACE7B2E9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {F56D68F0-0162-4134-B52C-68906D1D09B3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {FC9F2ABD-785C-4736-B580-7F629C05BDAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-26 12:45 - 2001-07-26 16:17 - 00692224 _____ () C:\Program Files\Internode\libeay32.dll
2012-04-26 12:45 - 2001-07-26 16:18 - 00151552 _____ () C:\Program Files\Internode\ssleay32.dll
2013-12-03 00:29 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2013-12-03 00:28 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll
2014-09-07 03:44 - 2014-09-07 03:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2012-04-21 15:00 - 2009-11-16 21:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll
2014-10-17 09:57 - 2014-10-17 09:57 - 00136704 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.1d52ed9e#\3f37d37edd2539fd887a895da68e0eac\MailClient.Collections.ni.dll
2014-10-17 09:57 - 2014-10-17 09:57 - 00499200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Mail\c1f4626383a767d539009789dba9e73f\MailClient.Mail.ni.dll
2014-10-17 09:57 - 2014-10-17 09:57 - 00950272 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HTMLEditorControl\31ea24af345a813b3aecf2ee3846c970\HTMLEditorControl.ni.dll
2014-10-17 09:57 - 2014-10-17 09:57 - 00583168 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Common.UI\834d378b666a784c3cbe68d47a0bdc64\MailClient.Common.UI.ni.dll
2014-10-17 09:57 - 2014-10-17 09:57 - 00022528 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Interop\47d8e07002c7f29138e38a4eaa8de94f\MailClient.Interop.ni.dll
2014-10-15 19:09 - 2014-10-15 19:09 - 00552448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\LinqBridge\e8c3058a15fb87741d77bb41bf9913ca\LinqBridge.ni.dll
2014-01-23 18:15 - 2014-01-23 18:15 - 00642016 _____ () C:\Program Files\eM Client\SQLite\x86\sqlite3.dll
2014-07-24 23:00 - 2014-07-24 23:00 - 00087040 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\SystemCoreTimeZone\69d647a1da7184e95bb8639749cb10c8\SystemCoreTimeZone.ni.dll
2014-10-17 09:57 - 2014-10-17 09:57 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Sasl\3ef53be4826dcc6ba93ed5241cb18261\MailClient.Sasl.ni.dll
2014-10-15 19:09 - 2014-10-15 19:09 - 00685056 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HtmlInterop\051820fa18179a93ea4cf9088166e2e2\HtmlInterop.ni.dll
2014-10-15 19:10 - 2014-10-15 19:10 - 01587712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsAPICodePack\9ea87e8059caa6e740a0e247602f0d4e\WindowsAPICodePack.ni.dll
2014-10-17 09:57 - 2014-10-17 09:57 - 00257024 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Imap.Base\b72e005d3d4b43d3aaba2a2f51202524\MailClient.Imap.Base.ni.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 01042760 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 00211272 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 08910664 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 01681224 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-09-26 10:01 - 2014-09-26 10:01 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: vseamps => 2
MSCONFIG\Services: vsedsps => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3679276584-3606042885-2229931398-500 - Administrator - Disabled)
Graham (S-1-5-21-3679276584-3606042885-2229931398-1007 - Administrator - Enabled) => C:\Users\Graham
Guest (S-1-5-21-3679276584-3606042885-2229931398-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3679276584-3606042885-2229931398-1005 - Limited - Enabled)
JUDY (S-1-5-21-3679276584-3606042885-2229931398-1000 - Administrator - Enabled) => C:\Users\JUDY
Public (S-1-5-21-3679276584-3606042885-2229931398-1006 - Limited - Enabled)
removevirus (S-1-5-21-3679276584-3606042885-2229931398-1003 - Administrator - Enabled) => C:\Users\removevirus
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/31/2014 04:04:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f0c
 
Start Time: 01cff42862ada414
 
Termination Time: 27
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: b6a59877-601b-11e4-98e5-002170228c87
 
Error: (10/30/2014 09:01:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/30/2014 01:33:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/30/2014 01:32:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/30/2014 07:59:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/30/2014 07:56:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/30/2014 02:36:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/30/2014 00:15:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/29/2014 00:24:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/29/2014 00:22:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (10/31/2014 04:09:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/31/2014 04:08:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/31/2014 04:08:56 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73}
 
Error: (10/30/2014 09:33:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (10/30/2014 09:01:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/30/2014 09:00:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
bdgw
FileDisk
kdcmo
tqqe
 
Error: (10/30/2014 09:00:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/30/2014 00:31:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (10/30/2014 00:12:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iolo System Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/30/2014 10:41:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (02/20/2013 10:50:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2013 10:32:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 884 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error: (09/20/2012 11:39:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2836 seconds with 1380 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-11 12:50:08.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHz
Percentage of memory in use: 52%
Total physical RAM: 3326.18 MB
Available physical RAM: 1588.02 MB
Total Pagefile: 6650.64 MB
Available Pagefile: 4409.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.01 GB) (Free:63.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (FLASH DRIVE) (Removable) (Total:7.19 GB) (Free:7.19 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 166E37A8)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)
 
==================== End Of Log ============================

Hi Judy, 
 

by mistake I attempted to boot to safe mode and run FRST but of course that didn't work

Are you unable to boot into Safe Mode? What happens?
 
STEP 1
ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete its removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • (!) All profiles must be loaded before running FRST. Login normally to Judy, switch user (instructions) to removevirus, and switch user again to Graham. Then switch user back to Judy, and run FRST as instructed below. 
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • ComboFix.txt
  • FRST.txt
  • Addition.txt

Hi Adam, sorry about delay in replying, have had hectic 3 days with community event.

To clarify, did not have a problem booting to safe mode, just misunderstood your instructions about running as admin, which was from desktop not safe mode.

OK, here are the files you asked for. Note that ComboFix did an update first, then ran for maybe half an hour all up. It did not disconnect from internet (I had disabled antivirus) nor did any messages come up, it rebooted itself at the end then produced the logs. Logging in with my own profile still takes a while (the other 2 have no files, one was only so could log in on previous rootkill lockdown occasion) and Windows startup is still slow, like black screen there longer than it used to be. I do have quite a few startup programmes but have not added any lately and it was never this slow. All advice gratefully received and thanks again for your help Adam!

 

First attempt to post the logs said it was too long so am separating files to see if it works - if it does will send Addition.txt separately

 

ComboFix 14-10-29.01 - JUDY 04/11/2014   9:42.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.3326.2063 [GMT 11:00]
Running from: c:\users\JUDY\Documents\INSTALLS  TO KEEP\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AdobePDF.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-03 to 2014-11-03  )))))))))))))))))))))))))))))))
.
.
2014-11-03 22:56 . 2014-11-03 22:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-11-03 22:56 . 2014-11-03 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-03 22:56 . 2014-11-03 22:56 -------- d-----w- c:\users\removevirus\AppData\Local\temp
2014-11-03 22:56 . 2014-11-03 22:56 -------- d-----w- c:\users\Graham\AppData\Local\temp
2014-11-03 03:51 . 2014-11-03 03:51 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-03 03:51 . 2014-11-03 03:51 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-02 17:52 . 2014-11-02 17:52 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97807FE2-CEEE-470F-9FE0-A1EF5AB42EB1}\offreg.dll
2014-10-31 03:05 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97807FE2-CEEE-470F-9FE0-A1EF5AB42EB1}\mpengine.dll
2014-10-30 08:11 . 2010-11-20 12:21 376832 ----a-w- c:\windows\system32\rpcss.dll
2014-10-30 00:11 . 2014-10-30 17:11 -------- d-----w- C:\FRST
2014-10-29 23:04 . 2014-10-29 23:11 -------- d---a-w- C:\RescueCD Logs
2014-10-29 08:19 . 2014-10-29 08:24 -------- d---a-w- C:\.Trash-999
2014-10-21 04:17 . 2014-10-21 04:17 -------- d-----w- c:\users\JUDY\AppData\Roaming\Red Kawa
2014-10-21 02:33 . 2014-10-21 02:33 -------- d-----w- c:\users\JUDY\AppData\Roaming\Regensoft
2014-10-21 02:28 . 2014-10-21 02:28 -------- d-----w- c:\program files\Regensoft
2014-10-21 02:28 . 2014-10-21 02:28 -------- d-----w- c:\program files\AviSynth 2.5
2014-10-21 02:27 . 2014-10-21 02:27 -------- d-----w- c:\program files\Red Kawa
2014-10-15 07:27 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-10-15 06:51 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-15 06:51 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-10-15 06:50 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-10-15 06:50 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\system32\mstscax.dll
2014-10-15 06:50 . 2014-09-25 01:40 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-10-15 06:50 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-10-15 06:50 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-10-15 06:49 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-15 06:35 . 2014-09-29 00:41 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-15 06:32 . 2014-09-04 05:04 372736 ----a-w- c:\windows\system32\rastls.dll
2014-10-15 06:31 . 2014-07-17 01:40 157696 ----a-w- c:\windows\system32\winsta.dll
2014-10-15 06:31 . 2014-07-17 01:39 523264 ----a-w- c:\windows\system32\termsrv.dll
2014-10-15 06:31 . 2014-07-17 01:39 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-15 06:31 . 2014-07-17 01:39 304128 ----a-w- c:\windows\system32\winlogon.exe
2014-10-15 06:31 . 2014-07-17 01:39 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-10-15 06:31 . 2014-07-17 01:03 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-15 06:30 . 2014-07-17 01:39 17408 ----a-w- c:\windows\system32\credssp.dll
2014-10-15 06:30 . 2014-07-17 01:02 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-10-15 06:28 . 2014-08-29 01:44 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-15 06:28 . 2014-09-13 01:40 67072 ----a-w- c:\windows\system32\packager.dll
2014-10-15 06:26 . 2014-07-07 01:40 1005056 ----a-w- c:\windows\system32\cryptui.dll
2014-10-07 03:44 . 2014-10-07 03:44 -------- d-----w- c:\users\JUDY\NZBDriveCache
2014-10-07 03:37 . 2014-10-07 03:37 -------- d-----w- c:\users\JUDY\AppData\Local\ByteFountain
2014-10-07 03:35 . 2014-01-08 12:34 51712 ----a-w- c:\windows\system32\dokanx.dll
2014-10-07 03:35 . 2014-10-07 04:00 -------- d-----w- c:\program files\NZBDrive
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-03 22:08 . 2014-07-07 12:07 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-27 19:35 . 2012-04-20 10:13 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-01 00:11 . 2014-07-07 11:55 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 00:11 . 2014-07-07 11:55 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 00:11 . 2014-01-20 22:21 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-23 01:46 . 2014-08-28 08:11 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-12 13:57 . 2014-01-20 10:55 41616 ----a-w- c:\windows\system32\iolobtdfg.exe
2014-08-12 13:57 . 2014-01-20 10:55 23568 ----a-w- c:\windows\system32\smrgdf.exe
2014-08-12 13:38 . 2014-08-30 01:48 28256 ----a-w- c:\windows\system32\drivers\rawdsk3.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 04:21 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="c:\progra~1\INTERN~2\mum.exe" [2011-02-19 1361408]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-16 1837672]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]
"eM Client"="c:\program files\eM Client\MailClient.exe" [2014-10-16 15558952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fences"="c:\program files\Stardock\Fences\Fences.exe" [2012-10-29 4017368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]
.
c:\users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\JUDY\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-1 39183280]
Fences.lnk - c:\program files\Stardock\Fences\Fences.exe /startup [2012-10-30 4017368]
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN33BB3G7505KD;CONNECTION=NW;MONITOR=1; [2009-7-14 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2012-10-29 478936]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   ???
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-07-31 02:15 43816 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-08-01 06:18 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R0 bdgw;bdgw;c:\windows\System32\drivers\gjavkl.sys [x]
R0 kdcmo;kdcmo;c:\windows\System32\drivers\ejrh.sys [x]
R0 tqqe;tqqe;c:\windows\System32\drivers\hpue.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504]
R2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-04-23 1150368]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2014-03-19 65232]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-03 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-10-01 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-01-15 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-21 1343400]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-14 284016]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-19 176128]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160]
R4 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-17 450848]
R4 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
R4 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [2012-04-11 247704]
R4 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-04-11 1177496]
R4 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-24 185856]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2013-12-02 26248]
S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys [2014-08-12 28256]
S1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\DRIVERS\sct_skmscan.sys [2012-10-12 33096]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-10-01 75480]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2012-01-17 22176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-10-01 23256]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-03 03:51]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 05:55]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 05:55]
.
2014-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job
- c:\users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 11:25]
.
2014-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job
- c:\users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 11:25]
.
2014-11-03 c:\windows\Tasks\SDMsgUpdate (Local).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2013-12-08 15:18]
.
2014-11-03 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2013-12-08 15:18]
.
.
------- Supplementary Scan -------
.
uStart Page = "https://www.google.com.au/webhp?"
CHR Profile: C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Web Developer) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2012-04-20]
CHR Extension: (ColorZilla) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2012-11-17]
CHR Extension: (YouTube) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2012-04-20]
CHR Extension: (QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cicimfkkbejhggfjaabggafffgdnjgjp [2012-08-29]
CHR Extension: (Google Search) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20]
CHR Extension: (20-20 3D Viewer for Virtual Studio) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc [2014-01-11]
CHR Extension: (Lorem Ipsum Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpfoncmmihgkooacnplecaopcefceam [2012-08-29]
CHR Extension: (Google Earth The Instant Way) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpifhlbldgbpgcgpcmiakanpghoddbme [2012-05-12]
CHR Extension: (The QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2012-08-29]
CHR Extension: (Hola Better Internet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-01]
CHR Extension: (Pin It Button) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-24]
CHR Extension: (New Tab Redirect) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-08-14]
CHR Extension: (ManageWP) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfehlfmidmihiohmobbfnbpgkckijbjj [2012-08-06]
CHR Extension: (HTML5 Web Development IDE) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheidghjolippfddjfloeinafjkcgcic [2012-11-17]
CHR Extension: (Google Maps) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-05-12]
CHR Extension: (Google Wallet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (SEO for Chrome) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2012-04-20]
CHR Extension: (Gmail) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JUDY\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-04]
CHR StartMenuInternet: Google Chrome - C:\Users\JUDY\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S4 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-10] ()
S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )
S4 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)
S4 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-24] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
S3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28256 2014-08-13] (EldoS Corporation)
R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-01-15] ()
S0 bdgw; System32\drivers\gjavkl.sys [X]
S3 catchme; \??\C:\Users\JUDY\AppData\Local\Temp\catchme.sys [X]
S1 FileDisk; No ImagePath
S0 kdcmo; System32\drivers\ejrh.sys [X]
S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [X]
S0 tqqe; System32\drivers\hpue.sys [X]
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]
S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X]
U3 mbr; \??\C:\Users\JUDY\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-04 10:14 - 2014-11-04 10:14 - 00000000 ____D () C:\Users\removevirus\AppData\Local\Google
2014-11-04 10:07 - 2014-11-04 10:07 - 00019827 _____ () C:\ComboFix.txt
2014-11-04 09:19 - 2014-11-04 09:19 - 05591672 _____ (Swearware) C:\Users\JUDY\Desktop\ComboFix.exe
2014-11-03 16:00 - 2014-11-03 16:00 - 00038528 _____ () C:\Users\JUDY\.recently-used.xbel
2014-11-03 14:51 - 2014-11-04 09:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-03 14:51 - 2014-11-03 14:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-03 14:51 - 2014-11-03 14:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 19:11 - 2010-11-20 23:21 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-10-30 11:11 - 2014-11-04 10:17 - 00000000 ____D () C:\FRST
2014-10-30 01:46 - 2014-10-30 01:46 - 00000097 _____ () C:\Users\JUDY\Desktop\FRST.txt
2014-10-30 00:55 - 2014-10-30 00:56 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\JUDY\Desktop\tdsskiller.exe
2014-10-30 00:54 - 2014-10-30 01:46 - 00044517 _____ () C:\Users\JUDY\Desktop\Addition.txt
2014-10-30 00:49 - 2014-10-30 00:49 - 01105408 _____ (Farbar) C:\Users\JUDY\Desktop\FRST.exe
2014-10-29 19:19 - 2014-10-29 19:24 - 00000000 ____D () C:\.Trash-999
2014-10-28 19:02 - 2014-10-28 19:02 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games
2014-10-28 14:53 - 2014-10-28 14:53 - 00000000 ____D () C:\Users\JUDY\AppData\Local\{A323528A-2121-4BB8-B742-20C0B4681180}
2014-10-26 15:24 - 2014-10-26 15:26 - 25491968 _____ () C:\Users\JUDY\Desktop\Steamfest 2014 - Exhibits & Stall Holders (Mick Smith's conflicted copy 2014-03-05).xls
2014-10-21 15:17 - 2014-10-21 15:17 - 00000000 ____D () C:\Users\JUDY\Documents\Red Kawa
2014-10-21 15:17 - 2014-10-21 15:17 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Red Kawa
2014-10-21 13:33 - 2014-10-21 13:33 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Regensoft
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Users\JUDY\Documents\Regensoft
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Regensoft
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Program Files\Regensoft
2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Program Files\AviSynth 2.5
2014-10-21 13:27 - 2014-10-21 13:27 - 00002156 _____ () C:\Users\Public\Desktop\Videora iPod Converter.lnk
2014-10-21 13:27 - 2014-10-21 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Kawa
2014-10-21 13:27 - 2014-10-21 13:27 - 00000000 ____D () C:\Program Files\Red Kawa
2014-10-16 07:50 - 2014-10-16 07:50 - 01054912 _____ (Adobe) C:\Users\JUDY\Desktop\install_flashplayer15x32au_ltr5x32d_awc_aih.exe
2014-10-15 18:27 - 2014-06-27 12:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-15 17:51 - 2014-09-18 12:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 17:51 - 2014-06-25 12:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-15 17:51 - 2014-06-24 13:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-15 17:50 - 2014-09-25 12:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-15 17:50 - 2014-09-05 12:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 17:50 - 2014-08-01 22:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 17:50 - 2014-07-09 09:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 17:49 - 2014-09-10 08:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-15 17:35 - 2014-09-29 11:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 17:32 - 2014-09-04 16:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 17:31 - 2014-07-17 12:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 17:31 - 2014-07-17 12:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 17:31 - 2014-07-17 12:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 17:31 - 2014-07-17 12:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 17:31 - 2014-07-17 12:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 17:31 - 2014-07-17 12:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 17:30 - 2014-07-17 12:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 17:30 - 2014-07-17 12:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 17:29 - 2014-10-07 13:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 17:29 - 2014-09-26 09:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 17:29 - 2014-09-26 09:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 17:29 - 2014-09-26 09:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 17:29 - 2014-09-26 09:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 17:29 - 2014-09-26 09:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 17:29 - 2014-09-19 12:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 17:29 - 2014-09-19 12:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 17:29 - 2014-09-19 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 17:29 - 2014-09-19 12:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 17:29 - 2014-09-19 12:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 17:29 - 2014-09-19 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 17:29 - 2014-09-19 12:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 17:29 - 2014-09-19 11:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 17:29 - 2014-09-19 11:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 17:29 - 2014-09-19 11:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 17:29 - 2014-09-19 11:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 17:29 - 2014-09-19 11:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 17:29 - 2014-09-19 11:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 17:29 - 2014-09-19 11:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 17:29 - 2014-09-19 11:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 17:29 - 2014-09-19 11:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 17:29 - 2014-09-19 11:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 17:29 - 2014-09-19 11:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 17:29 - 2014-09-19 11:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 17:29 - 2014-09-19 11:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 17:29 - 2014-09-19 11:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 17:29 - 2014-09-19 10:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 17:29 - 2014-09-19 10:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 17:29 - 2014-09-19 10:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 17:29 - 2014-06-19 09:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 17:29 - 2014-06-19 09:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 17:29 - 2014-06-19 09:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 17:28 - 2014-09-13 12:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 17:28 - 2014-08-29 12:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 17:27 - 2014-07-07 12:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 17:27 - 2014-07-07 12:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 17:27 - 2014-07-07 12:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 17:27 - 2014-06-28 11:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 17:27 - 2014-06-28 11:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 17:27 - 2014-06-28 11:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 17:26 - 2014-08-19 13:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 17:26 - 2014-08-19 13:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 17:26 - 2014-08-19 13:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 17:26 - 2014-08-19 13:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 17:26 - 2014-08-19 13:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 17:26 - 2014-08-19 12:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 17:26 - 2014-07-07 12:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 17:26 - 2014-07-07 12:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 17:26 - 2014-07-07 12:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 17:26 - 2014-07-07 12:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 17:26 - 2014-07-07 12:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 17:26 - 2014-07-07 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 18:30 - 2014-10-14 18:30 - 00474271 _____ () C:\Users\JUDY\Desktop\Dimensions.xlsx
2014-10-13 13:25 - 2014-10-30 00:15 - 00000408 _____ () C:\Windows\system32\iolo.ini
2014-10-13 13:10 - 2014-10-13 13:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-10 09:02 - 2014-10-10 09:02 - 00007435 _____ () C:\Users\JUDY\Desktop\2014-June.txt.gz
2014-10-09 20:33 - 2014-10-09 20:33 - 00000000 ____D () C:\Users\JUDY\Desktop\2014+TasTourismAwards+Finalist+Logos
2014-10-09 13:35 - 2014-10-09 13:35 - 00000064 _____ () C:\Users\JUDY\Desktop\Steamfest call tracker.laccdb
2014-10-07 14:44 - 2014-10-07 14:44 - 00000000 ____D () C:\Users\JUDY\NZBDriveCache
2014-10-07 14:37 - 2014-10-07 14:37 - 00000000 ____D () C:\Users\JUDY\AppData\Local\ByteFountain
2014-10-07 14:35 - 2014-10-07 15:00 - 00000000 ____D () C:\Program Files\NZBDrive
2014-10-07 14:35 - 2014-01-08 23:34 - 00051712 _____ () C:\Windows\system32\dokanx.dll
2014-10-07 14:27 - 2014-10-07 14:28 - 05194104 _____ (ByteFountain ) C:\Users\JUDY\Desktop\nzbdrive-setup-1.1.1-win.exe
2014-10-06 16:42 - 2014-10-06 16:43 - 00000000 ____D () C:\Users\JUDY\Desktop\TOSHIBA
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-04 10:15 - 2014-07-07 23:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 10:15 - 2013-12-08 22:31 - 00000478 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job
2014-11-04 10:15 - 2013-12-08 22:31 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-11-04 10:15 - 2013-03-26 21:58 - 00116576 _____ () C:\Users\removevirus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-04 10:15 - 2009-07-14 15:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-04 10:07 - 2014-01-22 22:44 - 00000000 ____D () C:\Qoobox
2014-11-04 10:07 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 10:07 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 10:03 - 2012-04-20 20:43 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 10:03 - 2012-04-20 20:36 - 01739343 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 10:01 - 2012-06-11 00:49 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\eM Client
2014-11-04 09:58 - 2009-07-14 13:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-04 09:57 - 2014-09-27 22:25 - 00058224 _____ () C:\Windows\setupact.log
2014-11-04 09:57 - 2012-04-20 20:33 - 02522422 _____ () C:\Windows\PFRO.log
2014-11-04 09:57 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 09:56 - 2014-01-22 22:43 - 00000000 ____D () C:\Windows\erdnt
2014-11-04 09:37 - 2012-04-21 13:59 - 00000000 ____D () C:\Users\JUDY\Documents\INSTALLS  TO KEEP
2014-11-04 09:28 - 2012-04-20 22:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job
2014-11-04 05:28 - 2012-04-20 22:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job
2014-11-04 01:40 - 2012-12-20 11:11 - 00000000 ____D () C:\Users\JUDY\Documents\eM Client
2014-11-03 20:14 - 2014-09-29 10:51 - 01802240 _____ () C:\Users\JUDY\Documents\RWCSHS.accdb
2014-11-03 16:03 - 2014-09-17 18:04 - 00000000 ____D () C:\Users\JUDY\.gimp-2.6
2014-11-03 16:00 - 2012-04-20 20:30 - 00000000 ____D () C:\Users\JUDY
2014-11-03 14:59 - 2012-04-20 22:50 - 00000000 ____D () C:\Users\JUDY\AppData\Local\Adobe
2014-11-02 22:44 - 2012-05-09 17:30 - 00000000 ___RD () C:\Users\JUDY\Dropbox
2014-11-02 22:44 - 2012-05-09 16:35 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Dropbox
2014-11-01 05:20 - 2013-10-24 09:54 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-30 12:34 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-30 12:16 - 2013-07-04 01:39 - 00000000 ____D () C:\Program Files\etax2013
2014-10-30 09:11 - 2012-04-21 14:19 - 00000000 ____D () C:\Users\JUDY\Documents\WEB DESIGN TOOLS
2014-10-30 07:52 - 2014-07-10 11:11 - 00000000 ____D () C:\Users\Graham
2014-10-30 07:52 - 2013-03-26 21:57 - 00000000 ____D () C:\Users\removevirus
2014-10-30 07:52 - 2012-04-21 15:00 - 00000000 ____D () C:\Program Files\PSPad editor
2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\registration
2014-10-30 03:24 - 2012-05-20 01:17 - 00000000 ____D () C:\Users\JUDY\AppData\Local\Western_Digital
2014-10-30 00:15 - 2012-04-20 23:18 - 00000392 _____ () C:\Windows\system32\iolo.ini.txt
2014-10-29 09:32 - 2012-04-21 14:45 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\FileZilla
2014-10-28 06:35 - 2012-04-20 21:13 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 18:39 - 2012-04-21 15:44 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2014-10-26 22:21 - 2012-04-22 19:52 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\gtk-2.0
2014-10-24 17:19 - 2012-04-21 13:45 - 00000000 ____D () C:\Users\JUDY\Documents\Cashbook Data
2014-10-24 17:19 - 2012-04-21 13:44 - 00000000 ____D () C:\ProgramData\Cashbook Complete
2014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2014
2014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Program Files\etax2014
2014-10-23 09:03 - 2013-07-08 18:15 - 00016896 ___SH () C:\Users\JUDY\Thumbs.db
2014-10-21 16:07 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\PLA
2014-10-17 10:04 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 09:56 - 2012-06-11 00:48 - 00000924 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2014-10-17 09:56 - 2012-06-11 00:48 - 00000000 ____D () C:\Program Files\eM Client
2014-10-15 20:08 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\rescache
2014-10-15 19:26 - 2014-07-07 22:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-15 19:26 - 2009-07-14 15:33 - 02355440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 18:32 - 2012-04-21 21:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 18:23 - 2013-08-15 04:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 18:08 - 2012-04-22 10:17 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 14:22 - 2012-09-03 12:47 - 00000000 ____D () C:\Users\JUDY\Documents\My Kindle Content
2014-10-14 08:54 - 2014-07-07 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Adobe
2014-10-10 18:43 - 2013-02-23 13:54 - 00000000 ___SD () C:\Users\JUDY\Documents\My Data Sources
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-26 00:12
 
==================== End Of Log ============================
 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014

Ran by JUDY at 2014-11-04 10:17:53

Running from C:\Users\JUDY\Dropbox\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)

Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)

Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)

Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

AUSkey software 1.4.4 (HKLM\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)

AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden

Cashbook Complete (HKLM\...\Cashbook Complete) (Version:  - )

CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden

Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

Dropbox (HKCU\...\Dropbox) (Version: 2.11.33 - Dropbox, Inc.)

EasyRotator Wizard (HKLM\...\com.dwuser.erwizard.EasyRotatorWizard) (Version: 1.0.124 - Magnetic Marketing Corp)

EasyRotator Wizard (Version: 1.0.124 - Magnetic Marketing Corp) Hidden

eM Client (HKLM\...\{8A33684C-A2EF-4A49-A4A9-BD6EF80EC12A}) (Version: 6.0.21040.0 - eM Client Inc.)

erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESSBrwr (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden

ESSCDBK (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden

ESScore (Version: 7.00.0000.0008 - EASTMAN KODAK Company) Hidden

ESSgui (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden

ESSini (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden

ESSPCD (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden

ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden

ESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden

ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden

essvatgt (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden

e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)

Fences 2 (HKLM\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)

fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden

FileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)

Fotosizer 2.08 (HKLM\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)

GanttProject (HKLM\...\GanttProject) (Version:  - )

GIMP 2.6.12-2 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)

Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden

HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)

HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)

ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)

Internode Monthly Usage Meter 8.2a (HKLM\...\Internode Monthly Usage Meter_is1) (Version:  - )

iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)

Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden

Kobo (HKLM\...\Kobo) (Version: 3.0.4 - Kobo Inc.)

Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)

Korean Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)

kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden

Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)

Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)

Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)

Lyrics Plugin for Windows Media Player (HKLM\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

MariusSoft Bulk Image Resizer (HKLM\...\{DE563E12-A92C-4547-A3E4-D93D744164D7}) (Version: 1.0.0 - MariusSoft LLC)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

netbrdg (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden

OfotoXMI (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden

Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)

OverDrive Media Console (HKLM\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)

PASSAGE 3 (English version) (HKLM\...\P3E) (Version:  - )

Password Generator (remove only) (HKCU\...\Password Generator) (Version:  - WinCatalog.com)

PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden

Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden

Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden

Project Viewer 2010 SP1 (HKLM\...\{E0993C3B-5CCB-4160-A9CE-86604DAC20BE}) (Version: 17.3.0 - Viewer Central)

PSPad editor (HKLM\...\PSPad editor_is1) (Version:  - Jan Fiala)

QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)

Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) Hidden

SHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden

skin0001 (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden

SKINXSDK (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden

Snap.Do (HKLM\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION

staticcr (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden

Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden

TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)

tooltips (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION

Videora iPod Converter 6 (HKLM\...\Videora iPod Converter) (Version: 6 - Red Kawa)

VPRINTOL (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden

WD SmartWare (HKLM\...\{A6813E19-244A-476E-8AE5-A1176739EEE5}) (Version: 1.6.0.25 - Western Digital)

Web Assistant 2.0.0.445 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version:  - IB) <==== ATTENTION

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WIRELESS (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden

WOW Slider (HKLM\...\WOW Slider_is1) (Version:  - )

XAMPP 1.7.7 (HKLM\...\xampp) (Version:  - )

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

Yahoo!7 Messenger (HKLM\...\Yahoo!7 Messenger) (Version:  - Yahoo! Inc.)

YouTube Downloader App 3.00 (HKLM\...\YouTube Downloader App) (Version: 3.00 - Regensoft)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CA0-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CAB-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\InprocServer32 -> C:\Windows\system32\sysinfo.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D0-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D1-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Chrome\Application\31.0.1650.57\delegate_execute.exe" No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File

 

==================== Restore Points  =========================

 

28-10-2014 19:29:04 Windows Update

29-10-2014 13:20:15 Windows Update

30-10-2014 01:15:53 Removed e-tax 2013

01-11-2014 20:19:35 Windows Backup

03-11-2014 22:38:47 ComboFix created restore point

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 21:23 - 2014-11-04 09:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs

Task: {21F2886D-9563-41E3-B8C5-95BDB221CDC5} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()

Task: {3674A452-9074-4D18-87C3-FC55398DB483} - System32\Tasks\HP AR Program Upload - 9bcc7fd55bd04f98b9848c21cb4fee10f8d5d3240f3c44208ada20b20a7f0d85 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

Task: {386DF063-9C35-431D-8683-E9DAE84E9651} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()

Task: {391BB1EF-867C-4839-9B8C-396910A5E44D} - System32\Tasks\HP AR Program Upload - 6f2b85e691014a32b2dbda37ff2ee6c4a392746e39ef41818d4e9e816a03fa2d => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

Task: {46BCAA68-631E-4472-88AA-CD63784E78D4} - \BrowserSafeguard Update Task No Task File <==== ATTENTION

Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs

Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {745039D9-7BF1-41E3-97D2-5B60E330E2DB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

Task: {75E37D6C-CBC4-493F-B1B7-483D95D6B643} - System32\Tasks\HP AR Program Upload - 6a1b909d73cf47668c635d1b70c737f0df200fce71c9499d8fe5fa4d11bad297 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

Task: {7C2A209A-4AFB-4724-B6CD-66C82A14B26D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

Task: {9A8E8E42-C684-45C0-9DCD-FF01AAC4010E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)

Task: {BDF21EC8-095B-4549-A19E-81B537B27472} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-03] (Adobe Systems Incorporated)

Task: {BF0BDD64-C447-4609-A36B-1B1CA457F183} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)

Task: {CD262629-5463-42A9-8239-3C2F3552F4DB} - System32\Tasks\HP AR Program Upload - af41b27368bd45959bdc19a601e84794810127de4b2249b3be3a20b59b9b1845 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

Task: {D0604AD8-A356-494A-B4B5-97352F740746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)

Task: {D099DA58-58F1-493F-ACC4-4A3D663E8A8B} - \Windows Update Check - 0x127402C5 No Task File <==== ATTENTION

Task: {D947123D-86E4-49CF-8F49-F98144E956F7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {F0AA8786-B93A-4845-B679-48E9B7228712} - System32\Tasks\eM Client Database Backup => C:\Program Files\eM Client\DbBackup.exe [2014-10-16] ()

Task: {F1A343BC-AB6D-4640-A1C3-BBB4ACE7B2E9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe

Task: {F56D68F0-0162-4134-B52C-68906D1D09B3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

Task: {FC9F2ABD-785C-4736-B580-7F629C05BDAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe

Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2012-04-26 12:45 - 2001-07-26 16:17 - 00692224 _____ () C:\Program Files\Internode\libeay32.dll

2012-04-26 12:45 - 2001-07-26 16:18 - 00151552 _____ () C:\Program Files\Internode\ssleay32.dll

2013-12-03 00:29 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll

2013-12-03 00:28 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll

2012-04-21 15:00 - 2009-11-16 21:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll

2014-09-07 03:44 - 2014-09-07 03:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

2014-05-25 03:41 - 2014-05-25 03:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll

2014-05-25 03:41 - 2014-05-25 03:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll

2014-10-30 00:29 - 2014-10-22 15:04 - 01042760 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll

2014-10-30 00:29 - 2014-10-22 15:04 - 00211272 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll

2014-10-30 00:29 - 2014-10-22 15:04 - 08910664 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll

2014-10-30 00:29 - 2014-10-22 15:04 - 01681224 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

2014-11-03 14:51 - 2014-11-03 14:51 - 16832176 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: vseamps => 2

MSCONFIG\Services: vsedsps => 2

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-3679276584-3606042885-2229931398-500 - Administrator - Disabled)

Graham (S-1-5-21-3679276584-3606042885-2229931398-1007 - Administrator - Enabled) => C:\Users\Graham

Guest (S-1-5-21-3679276584-3606042885-2229931398-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-3679276584-3606042885-2229931398-1005 - Limited - Enabled)

JUDY (S-1-5-21-3679276584-3606042885-2229931398-1000 - Administrator - Enabled) => C:\Users\JUDY

Public (S-1-5-21-3679276584-3606042885-2229931398-1006 - Limited - Enabled)

removevirus (S-1-5-21-3679276584-3606042885-2229931398-1003 - Administrator - Enabled) => C:\Users\removevirus

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/04/2014 10:15:15 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Faulting module name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Exception code: 0xc0000005

Fault offset: 0x00001ffd

Faulting process id: 0xdc0

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

 

Error: (11/04/2014 10:14:18 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Faulting module name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Exception code: 0xc0000005

Fault offset: 0x00001ffd

Faulting process id: 0x880

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

 

Error: (11/04/2014 09:59:54 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Faulting module name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Exception code: 0xc0000005

Fault offset: 0x00001ffd

Faulting process id: 0xa44

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

 

Error: (11/04/2014 09:59:01 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/04/2014 09:42:20 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Faulting module name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Exception code: 0xc0000005

Fault offset: 0x00001ffd

Faulting process id: 0x640

Faulting application start time: 0xExplorer.exe0

Faulting application path: Explorer.exe1

Faulting module path: Explorer.exe2

Report Id: Explorer.exe3

 

Error: (11/04/2014 09:41:26 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: YahooMessenger.exe, version: 11.5.0.228, time stamp: 0x4fbf6b79

Faulting module name: YahooMessenger.exe, version: 11.5.0.228, time stamp: 0x4fbf6b79

Exception code: 0xc0000005

Fault offset: 0x000fc5dc

Faulting process id: 0x146c

Faulting application start time: 0xYahooMessenger.exe0

Faulting application path: YahooMessenger.exe1

Faulting module path: YahooMessenger.exe2

Report Id: YahooMessenger.exe3

 

Error: (11/04/2014 00:37:15 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (11/04/2014 00:35:59 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (11/02/2014 09:05:07 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/02/2014 10:47:27 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

 

System errors:

=============

Error: (11/04/2014 10:11:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 

%%1058

 

Error: (11/04/2014 10:08:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 

%%1058

 

Error: (11/04/2014 10:08:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 

%%1058

 

Error: (11/04/2014 10:08:53 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73}

 

Error: (11/04/2014 10:05:40 AM) (Source: ipnathlp) (EventID: 31004) (User: )

Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

 

Error: (11/04/2014 09:59:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (11/04/2014 09:58:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

bdgw

FileDisk

kdcmo

tqqe

 

Error: (11/04/2014 09:57:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 

%%1058

 

Error: (11/04/2014 09:57:54 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 9:55:47 AM on ‎11/‎4/‎2014 was unexpected.

 

Error: (11/04/2014 09:49:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

 

Microsoft Office Sessions:

=========================

Error: (02/20/2013 10:50:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (02/20/2013 10:32:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 884 seconds with 480 seconds of active time.  This session ended with a crash.

 

Error: (09/20/2012 11:39:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2836 seconds with 1380 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-04-11 12:50:08.371

  Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-04-20 19:08:27.523

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-04-20 19:08:27.507

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-04-20 19:08:27.507

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-04-20 19:08:27.492

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-04-20 19:08:27.492

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-04-20 19:04:49.404

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-04-20 19:04:49.404

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-04-20 19:04:49.388

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-04-20 19:04:49.388

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHz

Percentage of memory in use: 53%

Total physical RAM: 3326.18 MB

Available physical RAM: 1537.88 MB

Total Pagefile: 6650.64 MB

Available Pagefile: 4473.33 MB

Total Virtual: 2047.88 MB

Available Virtual: 1910.73 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:149.01 GB) (Free:63.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 166E37A8)

Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.

 Could not read MBR for disk 1.

 

==================== End Of Log ============================


Hi Judy, 

 

Did you install the following programmes?

  • Videora iPod Converter 6 
  • Yahoo! Software Update 
  • Yahoo! Messenger
  • YouTube Downloader App 3.00 

 

Farbar Recovery Scan Tool (FRST) Script

  • (!) Ensure you load each profile just as you did before. All three must be loaded before running the script below. 
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKU\S-1-5-21-3679276584-3606042885-2229931398-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
    HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
    BootExecute: ???
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3679276584-3606042885-2229931398-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F47EDF8B-78FC-425D-9E19-526F2E321E30}&mid=66cf0c85bd7747d09380d16836c66574-92cb9cadec2b0dbada8cf013e8ecaa8cc0a06a88&lang=en&ds=tc011&pr=sa&d=2012-04-21 14:52:50&v=11.1.0.12&sap=dsp&q={searchTerms}
    BHO: No Name -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} ->  No File
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
    BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    C:\Program Files\AVG Secure Search
    Toolbar: HKLM - No Name - {837CC356-411E-4654-B2A2-ECA1F037979F} -  No File
    Toolbar: HKCU - No Name - {837CC356-411E-4654-B2A2-ECA1F037979F} -  No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
    C:\Program Files\Common Files\AVG Secure Search
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF Extension: Yahoo! Toolbar - C:\Users\JUDY\AppData\Roaming\Mozilla\Firefox\Profiles\h8qyudtn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-21]
    FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\11.1.0.12
    C:\ProgramData\AVG Secure Search
    FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\11.1.0.12 [2012-07-10]
    FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll (AVG Technologies)
    CHR Extension: (Hola Better Internet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-01]
    S4 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-10] ()
    2014-10-16 07:50 - 2014-10-16 07:50 - 01054912 _____ (Adobe) C:\Users\JUDY\Desktop\install_flashplayer15x32au_ltr5x32d_awc_aih.exe
    S0 bdgw; System32\drivers\gjavkl.sys [X]
    S1 FileDisk; No ImagePath
    S0 kdcmo; System32\drivers\ejrh.sys [X]
    S0 tqqe; System32\drivers\hpue.sys [X]
    Task: {46BCAA68-631E-4472-88AA-CD63784E78D4} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
    Task: {D099DA58-58F1-493F-ACC4-4A3D663E8A8B} - \Windows Update Check - 0x127402C5 No Task File <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Chrome\Application\31.0.1650.57\delegate_execute.exe" No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
    CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
    Folder: C:\Users\JUDY\AppData\Local\{A323528A-2121-4BB8-B742-20C0B4681180}
    CMD: ipconfig /flushdns
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

Hi Adam - re your question about installing programmes, I did install them all but uninstalled Videora iPod Converter 6 before running this fix.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014

Ran by JUDY at 2014-11-05 15:15:42 Run:2

Running from C:\Users\JUDY\Dropbox\Desktop

Loaded Profiles: JUDY & removevirus & Graham (Available profiles: JUDY & removevirus & Graham)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

start

HKU\S-1-5-21-3679276584-3606042885-2229931398-1000\...\Policies\Explorer: [TaskbarNoNotification] 1

HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?

HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\...A8F59079A8D5}\localserver32:  <==== ATTENTION!

BootExecute: ???

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3679276584-3606042885-2229931398-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F47EDF8B-78FC-425D-9E19-526F2E321E30}&mid=66cf0c85bd7747d09380d16836c66574-92cb9cadec2b0dbada8cf013e8ecaa8cc0a06a88&lang=en&ds=tc011&pr=sa&d=2012-04-21 14:52:50&v=11.1.0.12&sap=dsp&q={searchTerms}

BHO: No Name -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} ->  No File

BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File

BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

C:\Program Files\AVG Secure Search

Toolbar: HKLM - No Name - {837CC356-411E-4654-B2A2-ECA1F037979F} -  No File

Toolbar: HKCU - No Name - {837CC356-411E-4654-B2A2-ECA1F037979F} -  No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()

C:\Program Files\Common Files\AVG Secure Search

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml

FF Extension: Yahoo! Toolbar - C:\Users\JUDY\AppData\Roaming\Mozilla\Firefox\Profiles\h8qyudtn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-21]

FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\11.1.0.12

C:\ProgramData\AVG Secure Search

FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\11.1.0.12 [2012-07-10]

FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll (AVG Technologies)

CHR Extension: (Hola Better Internet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-01]

S4 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-10] ()

2014-10-16 07:50 - 2014-10-16 07:50 - 01054912 _____ (Adobe) C:\Users\JUDY\Desktop\install_flashplayer15x32au_ltr5x32d_awc_aih.exe

S0 bdgw; System32\drivers\gjavkl.sys [X]

S1 FileDisk; No ImagePath

S0 kdcmo; System32\drivers\ejrh.sys [X]

S0 tqqe; System32\drivers\hpue.sys [X]

Task: {46BCAA68-631E-4472-88AA-CD63784E78D4} - \BrowserSafeguard Update Task No Task File <==== ATTENTION

Task: {D099DA58-58F1-493F-ACC4-4A3D663E8A8B} - \Windows Update Check - 0x127402C5 No Task File <==== ATTENTION

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Chrome\Application\31.0.1650.57\delegate_execute.exe" No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File

CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File

Folder: C:\Users\JUDY\AppData\Local\{A323528A-2121-4BB8-B742-20C0B4681180}

CMD: ipconfig /flushdns

end

*****************

 

HKU\S-1-5-21-3679276584-3606042885-2229931398-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.

HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.

"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully.

"HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.

"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.

"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.

C:\Program Files\AVG Secure Search => Moved successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{837CC356-411E-4654-B2A2-ECA1F037979F} => value deleted successfully.

"HKCR\CLSID\{837CC356-411E-4654-B2A2-ECA1F037979F}" => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{837CC356-411E-4654-B2A2-ECA1F037979F} => value deleted successfully.

"HKCR\CLSID\{837CC356-411E-4654-B2A2-ECA1F037979F}" => Key not found.

"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.

"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.

"HKCR\PROTOCOLS\Handler\viprotocol" => Key deleted successfully.

"HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully.

C:\Program Files\Common Files\AVG Secure Search => Moved successfully.

C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml => Moved successfully.

C:\Users\JUDY\AppData\Roaming\Mozilla\Firefox\Profiles\h8qyudtn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => Moved successfully.

HKLM\Software\Mozilla\Firefox\Extensions\\avg@toolbar => value deleted successfully.

C:\ProgramData\AVG Secure Search => Moved successfully.

C:\ProgramData\AVG Secure Search\11.1.0.12 => not found.

"HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.

C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll not found.

C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => Moved successfully.

vToolbarUpdater11.2.0 => Service deleted successfully.

C:\Users\JUDY\Desktop\install_flashplayer15x32au_ltr5x32d_awc_aih.exe => Moved successfully.

bdgw => Service deleted successfully.

FileDisk => Service deleted successfully.

kdcmo => Service deleted successfully.

tqqe => Service deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46BCAA68-631E-4472-88AA-CD63784E78D4}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46BCAA68-631E-4472-88AA-CD63784E78D4}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D099DA58-58F1-493F-ACC4-4A3D663E8A8B}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D099DA58-58F1-493F-ACC4-4A3D663E8A8B}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Update Check - 0x127402C5" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.

"HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.

 

========================= Folder: C:\Users\JUDY\AppData\Local\{A323528A-2121-4BB8-B742-20C0B4681180} ========================

 

 

====== End of Folder: ======

 

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

 

==== End of Fixlog ====


Good job. 

Please work your way through the following, and let me know how you get on.
 
STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Snap.Do
    • Update Manager for SweetPacks 1.1
    • Web Assistant 2.0.0.445 
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
Farbar Recovery Scan Tool (FRST) Scan

  • (!) Load each profile before running the scan. 
  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

 

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes uninstall OK?
  • AdwCleaner[s0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt

Hi Adam:

  1.  
  • Snap.Do  Could not find file, neither could I
  • Update Manager for SweetPacks 1.1  Could not find file, neither could I. I had tried previously to uninstall this via Control Panel and could not
  • Web Assistant 2.0.0.445  Removed completely
  • Also removed the Video Convertor which was still there!
  • removed AvSynth 2.5
# AdwCleaner v3.311 - Report created 05/11/2014 at 16:30:27
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : JUDY - JUDY-PC
# Running from : C:\Users\JUDY\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater11.2.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Users\JUDY\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\JUDY\AppData\Local\PackageAware
Folder Deleted : C:\Users\JUDY\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\JUDY\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
File Deleted : C:\Users\JUDY\AppData\Roaming\Mozilla\Firefox\Profiles\h8qyudtn.default\user.js
File Deleted : C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games\Uninstall.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kodak-easyshare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kodak-easyshare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-GB)
 
[ File : C:\Users\JUDY\AppData\Roaming\Mozilla\Firefox\Profiles\h8qyudtn.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10404 octets] - [05/11/2014 16:28:02]
AdwCleaner[s0].txt - [10487 octets] - [05/11/2014 16:30:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10548 octets] ##########

 

 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Professional x86
Ran by JUDY on Wed 05/11/2014 at 16:49:18.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{8D4C5E4E-A671-4BA6-BD19-242FA44214C6}
Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{A323528A-2121-4BB8-B742-20C0B4681180}
Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{C485D0C4-DAC5-4419-99E3-6D3A870FB7F4}
Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{CC4C4E79-F2A3-4CE1-83E7-F48E537514A5}
Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{E20FAF53-5EDD-4581-AA5D-21064EA12770}
Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{EF68F226-9C3F-4349-98CF-53AA638B67D6}
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\JUDY\AppData\Roaming\mozilla\firefox\profiles\h8qyudtn.default\minidumps [28 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\JUDY\appdata\local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/11/2014 at 16:53:25.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 
 
LastRegBack: 2014-11-05 00:12
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
Ran by JUDY at 2014-11-05 17:00:26
Running from C:\Users\JUDY\Dropbox\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AUSkey software 1.4.4 (HKLM\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Cashbook Complete (HKLM\...\Cashbook Complete) (Version:  - )
CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.11.33 - Dropbox, Inc.)
EasyRotator Wizard (HKLM\...\com.dwuser.erwizard.EasyRotatorWizard) (Version: 1.0.124 - Magnetic Marketing Corp)
EasyRotator Wizard (Version: 1.0.124 - Magnetic Marketing Corp) Hidden
eM Client (HKLM\...\{8A33684C-A2EF-4A49-A4A9-BD6EF80EC12A}) (Version: 6.0.21040.0 - eM Client Inc.)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESSBrwr (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESScore (Version: 7.00.0000.0008 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSini (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
Fences 2 (HKLM\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
FileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Fotosizer 2.08 (HKLM\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)
GanttProject (HKLM\...\GanttProject) (Version:  - )
GIMP 2.6.12-2 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{AC6EE263-E4DD-4150-9014-689B1D4A3315}) (Version: 4.0.5.20 - Apple Inc.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Internode Monthly Usage Meter 8.2a (HKLM\...\Internode Monthly Usage Meter_is1) (Version:  - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
Kobo (HKLM\...\Kobo) (Version: 3.0.4 - Kobo Inc.)
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Korean Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Lyrics Plugin for Windows Media Player (HKLM\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MariusSoft Bulk Image Resizer (HKLM\...\{DE563E12-A92C-4547-A3E4-D93D744164D7}) (Version: 1.0.0 - MariusSoft LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
OfotoXMI (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
OverDrive Media Console (HKLM\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)
PASSAGE 3 (English version) (HKLM\...\P3E) (Version:  - )
Password Generator (remove only) (HKCU\...\Password Generator) (Version:  - WinCatalog.com)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Project Viewer 2010 SP1 (HKLM\...\{E0993C3B-5CCB-4160-A9CE-86604DAC20BE}) (Version: 17.3.0 - Viewer Central)
PSPad editor (HKLM\...\PSPad editor_is1) (Version:  - Jan Fiala)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) Hidden
SHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Snap.Do (HKLM\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION
staticcr (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
tooltips (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VPRINTOL (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
WD SmartWare (HKLM\...\{A6813E19-244A-476E-8AE5-A1176739EEE5}) (Version: 1.6.0.25 - Western Digital)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WIRELESS (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hidden
WOW Slider (HKLM\...\WOW Slider_is1) (Version:  - )
XAMPP 1.7.7 (HKLM\...\xampp) (Version:  - )
Yahoo!7 Messenger (HKLM\...\Yahoo!7 Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
01-11-2014 20:19:35 Windows Backup
03-11-2014 22:38:47 ComboFix created restore point
04-11-2014 11:19:46 Windows Update
05-11-2014 05:01:24 Revo Uninstaller Pro's restore point - Snap.Do
05-11-2014 05:06:43 Revo Uninstaller Pro's restore point - Yahoo! Software Update
05-11-2014 05:08:52 Revo Uninstaller Pro's restore point - Update Manager for SweetPacks 1.1
05-11-2014 05:10:47 Revo Uninstaller Pro's restore point - Web Assistant 2.0.0.445
05-11-2014 05:15:27 Revo Uninstaller Pro's restore point - Videora iPod Converter 6
05-11-2014 05:17:30 Revo Uninstaller Pro's restore point - AviSynth 2.5
05-11-2014 05:21:21 Revo Uninstaller Pro's restore point - YouTube Downloader App 3.00
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 21:23 - 2014-11-04 09:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {21F2886D-9563-41E3-B8C5-95BDB221CDC5} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()
Task: {3674A452-9074-4D18-87C3-FC55398DB483} - System32\Tasks\HP AR Program Upload - 9bcc7fd55bd04f98b9848c21cb4fee10f8d5d3240f3c44208ada20b20a7f0d85 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {386DF063-9C35-431D-8683-E9DAE84E9651} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()
Task: {391BB1EF-867C-4839-9B8C-396910A5E44D} - System32\Tasks\HP AR Program Upload - 6f2b85e691014a32b2dbda37ff2ee6c4a392746e39ef41818d4e9e816a03fa2d => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {745039D9-7BF1-41E3-97D2-5B60E330E2DB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {75E37D6C-CBC4-493F-B1B7-483D95D6B643} - System32\Tasks\HP AR Program Upload - 6a1b909d73cf47668c635d1b70c737f0df200fce71c9499d8fe5fa4d11bad297 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {7C2A209A-4AFB-4724-B6CD-66C82A14B26D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9A8E8E42-C684-45C0-9DCD-FF01AAC4010E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {BDF21EC8-095B-4549-A19E-81B537B27472} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-03] (Adobe Systems Incorporated)
Task: {BF0BDD64-C447-4609-A36B-1B1CA457F183} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
Task: {CD262629-5463-42A9-8239-3C2F3552F4DB} - System32\Tasks\HP AR Program Upload - af41b27368bd45959bdc19a601e84794810127de4b2249b3be3a20b59b9b1845 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {D0604AD8-A356-494A-B4B5-97352F740746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {D947123D-86E4-49CF-8F49-F98144E956F7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F0AA8786-B93A-4845-B679-48E9B7228712} - System32\Tasks\eM Client Database Backup => C:\Program Files\eM Client\DbBackup.exe [2014-10-16] ()
Task: {F1A343BC-AB6D-4640-A1C3-BBB4ACE7B2E9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {F56D68F0-0162-4134-B52C-68906D1D09B3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {FC9F2ABD-785C-4736-B580-7F629C05BDAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-26 12:45 - 2001-07-26 16:17 - 00692224 _____ () C:\Program Files\Internode\libeay32.dll
2012-04-26 12:45 - 2001-07-26 16:18 - 00151552 _____ () C:\Program Files\Internode\ssleay32.dll
2013-12-03 00:29 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2013-12-03 00:28 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll
2014-10-21 16:16 - 2014-10-21 16:16 - 00750080 _____ () C:\Users\JUDY\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-11-05 16:42 - 2014-11-05 16:42 - 00043008 _____ () c:\users\judy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvl3qsy.dll
2014-10-21 16:16 - 2014-10-21 16:16 - 00047616 _____ () C:\Users\JUDY\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 16:16 - 2014-10-21 16:16 - 00863744 _____ () C:\Users\JUDY\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 16:16 - 2014-10-21 16:16 - 00200704 _____ () C:\Users\JUDY\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-09-07 03:44 - 2014-09-07 03:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-25 03:41 - 2014-05-25 03:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2012-04-21 15:00 - 2009-11-16 21:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 01042760 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 00211272 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 08910664 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-30 00:29 - 2014-10-22 15:04 - 01681224 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-11-03 14:51 - 2014-11-03 14:51 - 16832176 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: vseamps => 2
MSCONFIG\Services: vsedsps => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3679276584-3606042885-2229931398-500 - Administrator - Disabled)
Graham (S-1-5-21-3679276584-3606042885-2229931398-1007 - Administrator - Enabled) => C:\Users\Graham
Guest (S-1-5-21-3679276584-3606042885-2229931398-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3679276584-3606042885-2229931398-1005 - Limited - Enabled)
JUDY (S-1-5-21-3679276584-3606042885-2229931398-1000 - Administrator - Enabled) => C:\Users\JUDY
Public (S-1-5-21-3679276584-3606042885-2229931398-1006 - Limited - Enabled)
removevirus (S-1-5-21-3679276584-3606042885-2229931398-1003 - Administrator - Enabled) => C:\Users\removevirus
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (11/05/2014 04:59:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (11/05/2014 04:58:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (11/05/2014 04:58:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (11/05/2014 04:57:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: 
%%1058
 
Error: (11/05/2014 04:57:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73}
 
 
Microsoft Office Sessions:
=========================
Error: (02/20/2013 10:50:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2013 10:32:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 884 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error: (09/20/2012 11:39:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2836 seconds with 1380 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-11 12:50:08.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:08:27.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-20 19:04:49.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHz
Percentage of memory in use: 55%
Total physical RAM: 3326.18 MB
Available physical RAM: 1496.67 MB
Total Pagefile: 6650.64 MB
Available Pagefile: 4411.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.01 GB) (Free:63.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Steamfest 2014) (CDROM) (Total:1.1 GB) (Free:0 GB) UDF
Drive e: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 166E37A8)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End Of Log ============================

Sorry, here it is.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by JUDY (administrator) on JUDY-PC on 05-11-2014 20:44:42
Running from C:\Users\JUDY\Dropbox\Desktop
Loaded Profiles: JUDY & removevirus & Graham (Available profiles: JUDY & removevirus & Graham)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: "https://www.google.com.au/webhp?"
CHR Profile: C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Web Developer) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2012-04-20]
CHR Extension: (ColorZilla) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2012-11-17]
CHR Extension: (YouTube) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2012-04-20]
CHR Extension: (QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cicimfkkbejhggfjaabggafffgdnjgjp [2012-08-29]
CHR Extension: (Google Search) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20]
CHR Extension: (20-20 3D Viewer for Virtual Studio) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc [2014-01-11]
CHR Extension: (Lorem Ipsum Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpfoncmmihgkooacnplecaopcefceam [2012-08-29]
CHR Extension: (Google Earth The Instant Way) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpifhlbldgbpgcgpcmiakanpghoddbme [2012-05-12]
CHR Extension: (The QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2012-08-29]
CHR Extension: (Pin It Button) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-24]
CHR Extension: (ManageWP) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfehlfmidmihiohmobbfnbpgkckijbjj [2012-08-06]
CHR Extension: (HTML5 Web Development IDE) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheidghjolippfddjfloeinafjkcgcic [2012-11-17]
CHR Extension: (Google Maps) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-05-12]
CHR Extension: (Google Wallet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (SEO for Chrome) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2012-04-20]
CHR Extension: (Gmail) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JUDY\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-04]
CHR StartMenuInternet: Google Chrome - C:\Users\JUDY\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )
S4 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
S3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28256 2014-08-13] (EldoS Corporation)
R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-01-15] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\Users\JUDY\AppData\Local\Temp\catchme.sys [X]
S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [X]
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]
S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-05 19:56 - 2014-11-05 19:56 - 00045719 _____ () C:\Users\JUDY\.recently-used.xbel
2014-11-05 19:37 - 2014-11-05 19:37 - 00000162 ____H () C:\Users\JUDY\Desktop\~$010336027.dotx
2014-11-05 16:57 - 2014-11-05 16:57 - 00000000 ____D () C:\Users\removevirus\AppData\Local\VS Revo Group
2014-11-05 16:53 - 2014-11-05 16:53 - 00001922 _____ () C:\Users\JUDY\Desktop\JRT.txt
2014-11-05 16:49 - 2014-11-05 16:49 - 00000000 ____D () C:\Windows\ERUNT
2014-11-05 16:46 - 2014-11-05 16:46 - 01706359 _____ (Thisisu) C:\Users\JUDY\Desktop\JRT.exe
2014-11-05 16:27 - 2014-11-05 16:30 - 00000000 ____D () C:\AdwCleaner
2014-11-05 16:25 - 2014-11-05 16:26 - 01375089 _____ () C:\Users\JUDY\Desktop\AdwCleaner.exe
2014-11-05 15:59 - 2014-11-05 15:59 - 00001234 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-11-05 15:59 - 2014-11-05 15:59 - 00000000 ____D () C:\Users\JUDY\AppData\Local\VS Revo Group
2014-11-05 15:59 - 2014-11-05 15:59 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-11-05 15:59 - 2014-11-05 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-05 15:59 - 2014-11-05 15:59 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-05 15:59 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-11-05 15:57 - 2014-11-05 15:57 - 10691640 _____ (VS Revo Group ) C:\Users\JUDY\Desktop\RevoUninProSetup.exe
2014-11-05 15:57 - 2014-11-05 15:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JUDY\Desktop\revosetup.exe
2014-11-05 08:18 - 2014-11-05 08:18 - 00871527 _____ () C:\Users\JUDY\Desktop\graphicriver-263359-four-coffee-design-templates.zip
2014-11-05 08:15 - 2014-11-05 08:15 - 02338942 _____ () C:\Users\JUDY\Desktop\codecanyon-7127218-book-a-place-pro-wordpress-plugin.zip
2014-11-05 08:15 - 2014-11-05 08:15 - 02338942 _____ () C:\Users\JUDY\Desktop\codecanyon-7127218-book-a-place-pro-wordpress-plugin (1).zip
2014-11-04 18:57 - 2014-11-04 18:57 - 06126536 _____ (Tim Kosse) C:\Users\JUDY\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-11-04 15:03 - 2014-11-04 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-04 15:01 - 2014-11-04 15:01 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-04 15:01 - 2014-11-04 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-04 15:00 - 2014-11-04 15:01 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-04 15:00 - 2014-11-04 15:00 - 00000000 ____D () C:\Program Files\iPod
2014-11-04 11:12 - 2014-11-04 13:26 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-04 10:14 - 2014-11-04 10:14 - 00000000 ____D () C:\Users\removevirus\AppData\Local\Google
2014-11-04 10:07 - 2014-11-04 10:07 - 00019827 _____ () C:\ComboFix.txt
2014-11-04 09:19 - 2014-11-04 09:19 - 05591672 _____ (Swearware) C:\Users\JUDY\Desktop\ComboFix.exe
2014-11-03 14:51 - 2014-11-05 20:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-03 14:51 - 2014-11-03 14:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-03 14:51 - 2014-11-03 14:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 19:11 - 2010-11-20 23:21 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-10-30 11:11 - 2014-11-05 20:44 - 00000000 ____D () C:\FRST
2014-10-30 01:46 - 2014-10-30 01:46 - 00000097 _____ () C:\Users\JUDY\Desktop\FRST.txt
2014-10-30 00:55 - 2014-10-30 00:56 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\JUDY\Desktop\tdsskiller.exe
2014-10-30 00:54 - 2014-10-30 01:46 - 00044517 _____ () C:\Users\JUDY\Desktop\Addition.txt
2014-10-30 00:49 - 2014-10-30 00:49 - 01105408 _____ (Farbar) C:\Users\JUDY\Desktop\FRST.exe
2014-10-29 19:19 - 2014-10-29 19:24 - 00000000 ____D () C:\.Trash-999
2014-10-28 19:02 - 2014-11-05 16:30 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games
2014-10-26 15:24 - 2014-10-26 15:26 - 25491968 _____ () C:\Users\JUDY\Desktop\Steamfest 2014 - Exhibits & Stall Holders (Mick Smith's conflicted copy 2014-03-05).xls
2014-10-15 18:27 - 2014-06-27 12:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-15 17:51 - 2014-09-18 12:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 17:51 - 2014-06-25 12:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-15 17:51 - 2014-06-24 13:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-15 17:50 - 2014-09-25 12:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-15 17:50 - 2014-09-05 12:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 17:50 - 2014-08-01 22:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 17:50 - 2014-07-09 12:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 17:50 - 2014-07-09 09:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 17:49 - 2014-09-10 08:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-15 17:35 - 2014-09-29 11:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 17:32 - 2014-09-04 16:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 17:31 - 2014-07-17 12:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 17:31 - 2014-07-17 12:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 17:31 - 2014-07-17 12:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 17:31 - 2014-07-17 12:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 17:31 - 2014-07-17 12:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 17:31 - 2014-07-17 12:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 17:30 - 2014-07-17 12:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 17:30 - 2014-07-17 12:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 17:29 - 2014-10-07 13:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 17:29 - 2014-09-26 09:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 17:29 - 2014-09-26 09:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 17:29 - 2014-09-26 09:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 17:29 - 2014-09-26 09:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 17:29 - 2014-09-26 09:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 17:29 - 2014-09-19 12:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 17:29 - 2014-09-19 12:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 17:29 - 2014-09-19 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 17:29 - 2014-09-19 12:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 17:29 - 2014-09-19 12:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 17:29 - 2014-09-19 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 17:29 - 2014-09-19 12:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 17:29 - 2014-09-19 11:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 17:29 - 2014-09-19 11:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 17:29 - 2014-09-19 11:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 17:29 - 2014-09-19 11:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 17:29 - 2014-09-19 11:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 17:29 - 2014-09-19 11:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 17:29 - 2014-09-19 11:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 17:29 - 2014-09-19 11:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 17:29 - 2014-09-19 11:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 17:29 - 2014-09-19 11:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 17:29 - 2014-09-19 11:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 17:29 - 2014-09-19 11:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 17:29 - 2014-09-19 11:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 17:29 - 2014-09-19 11:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 17:29 - 2014-09-19 10:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 17:29 - 2014-09-19 10:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 17:29 - 2014-09-19 10:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 17:29 - 2014-06-19 09:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 17:29 - 2014-06-19 09:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 17:29 - 2014-06-19 09:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 17:28 - 2014-09-13 12:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 17:28 - 2014-08-29 12:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 17:27 - 2014-07-07 12:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 17:27 - 2014-07-07 12:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 17:27 - 2014-07-07 12:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 17:27 - 2014-07-07 12:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 17:27 - 2014-06-28 11:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 17:27 - 2014-06-28 11:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 17:27 - 2014-06-28 11:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 17:26 - 2014-08-19 13:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 17:26 - 2014-08-19 13:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 17:26 - 2014-08-19 13:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 17:26 - 2014-08-19 13:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 17:26 - 2014-08-19 13:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 17:26 - 2014-08-19 12:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 17:26 - 2014-07-07 12:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 17:26 - 2014-07-07 12:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 17:26 - 2014-07-07 12:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 17:26 - 2014-07-07 12:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 17:26 - 2014-07-07 12:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 17:26 - 2014-07-07 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 18:30 - 2014-10-14 18:30 - 00474271 _____ () C:\Users\JUDY\Desktop\Dimensions.xlsx
2014-10-13 13:25 - 2014-10-30 00:15 - 00000408 _____ () C:\Windows\system32\iolo.ini
2014-10-13 13:10 - 2014-10-13 13:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-10 09:02 - 2014-10-10 09:02 - 00007435 _____ () C:\Users\JUDY\Desktop\2014-June.txt.gz
2014-10-09 20:33 - 2014-10-09 20:33 - 00000000 ____D () C:\Users\JUDY\Desktop\2014+TasTourismAwards+Finalist+Logos
2014-10-09 13:35 - 2014-10-09 13:35 - 00000064 _____ () C:\Users\JUDY\Desktop\Steamfest call tracker.laccdb
2014-10-07 14:44 - 2014-10-07 14:44 - 00000000 ____D () C:\Users\JUDY\NZBDriveCache
2014-10-07 14:37 - 2014-10-07 14:37 - 00000000 ____D () C:\Users\JUDY\AppData\Local\ByteFountain
2014-10-07 14:35 - 2014-10-07 15:00 - 00000000 ____D () C:\Program Files\NZBDrive
2014-10-07 14:35 - 2014-01-08 23:34 - 00051712 _____ () C:\Windows\system32\dokanx.dll
2014-10-07 14:27 - 2014-10-07 14:28 - 05194104 _____ (ByteFountain ) C:\Users\JUDY\Desktop\nzbdrive-setup-1.1.1-win.exe
2014-10-06 16:42 - 2014-10-06 16:43 - 00000000 ____D () C:\Users\JUDY\Desktop\TOSHIBA
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-05 20:28 - 2012-04-20 22:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job
2014-11-05 20:01 - 2012-04-21 14:45 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\FileZilla
2014-11-05 19:56 - 2014-09-17 18:04 - 00000000 ____D () C:\Users\JUDY\.gimp-2.6
2014-11-05 19:56 - 2012-04-20 20:30 - 00000000 ____D () C:\Users\JUDY
2014-11-05 19:19 - 2014-07-07 23:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 17:35 - 2012-04-21 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-11-05 17:35 - 2012-04-21 14:44 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-11-05 17:34 - 2012-06-11 00:49 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\eM Client
2014-11-05 16:56 - 2013-12-08 22:31 - 00000478 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job
2014-11-05 16:56 - 2013-12-08 22:31 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-11-05 16:50 - 2012-04-20 20:36 - 01799370 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 16:44 - 2012-05-09 17:30 - 00000000 ___RD () C:\Users\JUDY\Dropbox
2014-11-05 16:43 - 2012-05-09 16:35 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Dropbox
2014-11-05 16:40 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 16:40 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 16:33 - 2014-09-27 22:25 - 00075453 _____ () C:\Windows\setupact.log
2014-11-05 16:33 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 16:32 - 2012-04-20 20:33 - 02524592 _____ () C:\Windows\PFRO.log
2014-11-05 16:07 - 2013-12-03 00:29 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-11-05 16:07 - 2012-04-21 14:01 - 00000000 ____D () C:\Program Files\Yahoo!
2014-11-05 16:02 - 2013-07-08 18:15 - 00016896 ___SH () C:\Users\JUDY\Thumbs.db
2014-11-05 15:29 - 2009-07-14 15:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-05 05:28 - 2012-04-20 22:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job
2014-11-05 01:42 - 2012-12-20 11:11 - 00000000 ____D () C:\Users\JUDY\Documents\eM Client
2014-11-04 15:43 - 2012-04-22 19:52 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\gtk-2.0
2014-11-04 15:01 - 2013-10-18 16:49 - 00000000 ____D () C:\Program Files\iTunes
2014-11-04 15:00 - 2014-08-15 15:59 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-04 15:00 - 2012-08-27 22:56 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-04 13:32 - 2012-04-20 20:43 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 10:15 - 2013-03-26 21:58 - 00116576 _____ () C:\Users\removevirus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-04 10:07 - 2014-01-22 22:44 - 00000000 ____D () C:\Qoobox
2014-11-04 09:58 - 2009-07-14 13:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-04 09:56 - 2014-01-22 22:43 - 00000000 ____D () C:\Windows\erdnt
2014-11-04 09:37 - 2012-04-21 13:59 - 00000000 ____D () C:\Users\JUDY\Documents\INSTALLS  TO KEEP
2014-11-03 20:14 - 2014-09-29 10:51 - 01802240 _____ () C:\Users\JUDY\Documents\RWCSHS.accdb
2014-11-03 14:59 - 2012-04-20 22:50 - 00000000 ____D () C:\Users\JUDY\AppData\Local\Adobe
2014-11-01 05:20 - 2013-10-24 09:54 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-30 12:34 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-30 12:16 - 2013-07-04 01:39 - 00000000 ____D () C:\Program Files\etax2013
2014-10-30 09:11 - 2012-04-21 14:19 - 00000000 ____D () C:\Users\JUDY\Documents\WEB DESIGN TOOLS
2014-10-30 07:52 - 2014-07-10 11:11 - 00000000 ____D () C:\Users\Graham
2014-10-30 07:52 - 2013-03-26 21:57 - 00000000 ____D () C:\Users\removevirus
2014-10-30 07:52 - 2012-04-21 15:00 - 00000000 ____D () C:\Program Files\PSPad editor
2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\registration
2014-10-30 03:24 - 2012-05-20 01:17 - 00000000 ____D () C:\Users\JUDY\AppData\Local\Western_Digital
2014-10-30 00:15 - 2012-04-20 23:18 - 00000392 _____ () C:\Windows\system32\iolo.ini.txt
2014-10-28 06:35 - 2012-04-20 21:13 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 18:39 - 2012-04-21 15:44 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2014-10-24 17:19 - 2012-04-21 13:45 - 00000000 ____D () C:\Users\JUDY\Documents\Cashbook Data
2014-10-24 17:19 - 2012-04-21 13:44 - 00000000 ____D () C:\ProgramData\Cashbook Complete
2014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2014
2014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Program Files\etax2014
2014-10-21 16:07 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\PLA
2014-10-17 10:04 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 09:56 - 2012-06-11 00:48 - 00000924 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2014-10-17 09:56 - 2012-06-11 00:48 - 00000000 ____D () C:\Program Files\eM Client
2014-10-15 20:08 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\rescache
2014-10-15 19:26 - 2014-07-07 22:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-15 19:26 - 2009-07-14 15:33 - 02355440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 18:32 - 2012-04-21 21:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 18:23 - 2013-08-15 04:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 18:08 - 2012-04-22 10:17 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 14:22 - 2012-09-03 12:47 - 00000000 ____D () C:\Users\JUDY\Documents\My Kindle Content
2014-10-14 08:54 - 2014-07-07 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Adobe
2014-10-10 18:43 - 2013-02-23 13:54 - 00000000 ___SD () C:\Users\JUDY\Documents\My Data Sources
 
Some content of TEMP:
====================
C:\Users\JUDY\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvl3qsy.dll
C:\Users\JUDY\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 00:12
 
==================== End Of Log ============================
Link to post
Share on other sites

Hi Judy, 

 

Please do the following. 

 

STEP 1
Uninstall Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
  • Note: Ensure you decline offers of additional software if applicable.
    • Snap.Do
  • Follow the prompts.
  • Reboot if necessary.
     

STEP 2
SystemLook

  • Please download SystemLook (x32) and save the file to your Desktop.
  • Right-Click SystemLook.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :filefind
    *Snap.Do*
    *ReSoft*
    *SweetPacks*
    *SweetIM*
    :folderfind
    *Snap.Do*
    *ReSoft*
    *SweetPacks*
    *SweetIM*
    :regfind
    Snap.Do
    ReSoft
    SweetPacks
    SweetIM
  • Click the button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Click the button.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Could you uninstall Snap.Do?
  • SystemLook.txt
Link to post
Share on other sites

Hi Adam

 

First up, Malwarebytes is bringing up a window that says it is unable to load the Anti-Rootkit DDA Driver, this may be caused by rootkit activity, and do I want to reboot to reinstall the driver? I have rebooted twice so far in response. Is this due to what we are doing on the pc or something else?

 

Cannot uninstall Snap Do - it is on a network resource that is unavailable. It occurred to me it could be on the backup on my external HDD device (though how that would apply I didn't see) so I deleted the backup altogether and rebooted, still with the HDD connected. Unlocked the HDD and checked and the folder is gone. But it is still sitting there in my control panel!! I did this before I ran SystemLook.exe

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:05 on 06/11/2014 by JUDY
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*Snap.Do*"
No files found.
 
Searching for "*ReSoft*"
C:\ProgramData\Western Digital\WD SmartWare\SmartWareSoftwareUpdater.txt --a---- 580 bytes [02:15 13/06/2012] [02:18 13/06/2012] ECA7D5952DC0502210FB956860D42B13
C:\Users\All Users\Western Digital\WD SmartWare\SmartWareSoftwareUpdater.txt --a---- 580 bytes [02:15 13/06/2012] [02:18 13/06/2012] ECA7D5952DC0502210FB956860D42B13
 
Searching for "*SweetPacks* "
No files found.
 
Searching for "*SweetIM*"
No files found.
 
========== folderfind ==========
 
Searching for "*​Snap.Do*"
No folders found.
 
Searching for "*ReSoft*"
No folders found.
 
Searching for "*SweetPacks* "
No folders found.
 
Searching for "*SweetIM*"
C:\AdwCleaner\Quarantine\C\ProgramData\SweetIM d------ [05:30 05/11/2014]
 
========== regfind ==========
 
Searching for "​Snap.Do"
No data found.
 
Searching for "ReSoft"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3679276584-3606042885-2229931398-1000\Products\9028C33F0E8E8C94D8E763C33D648C10\InstallProperties]
"Publisher"="ReSoft Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F33C8209-E8E0-49C8-8D7E-363CD346C801}]
"Publisher"="ReSoft Ltd."
 
Searching for "SweetPacks "
No data found.
 
Searching for "SweetIM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Communicator\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Communicator\Logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Communicator\conf\"=""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DC1F45BB-9CAB-465A-8F46-97307AEE465F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BE95D885-9F7C-4D85-AE03-3D8998524789}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DC1F45BB-9CAB-465A-8F46-97307AEE465F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BE95D885-9F7C-4D85-AE03-3D8998524789}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DC1F45BB-9CAB-465A-8F46-97307AEE465F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BE95D885-9F7C-4D85-AE03-3D8998524789}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
 
-= EOF =-
Link to post
Share on other sites
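
An added example (not part of the thread and not SystemLook's own code): a Python triage script for a log in the SystemLook layout posted above. It groups hits by section and search term, decodes leftover firewall-rule values, and flags empty results whose search term carries an invisible character such as U+200B, because the tool then searched for the term with that character in it. The sample log and every name in it (ExampleBar, ExampleIM, the GUID) are constructed.

```python
import re
import unicodedata

# Constructed sample in the SystemLook log layout; names and paths are invented.
SAMPLE_LOG = """\
SystemLook 30.07.11 by jpshortstuff
========== folderfind ==========

Searching for "*\u200bExampleBar*"
No folders found.

Searching for "*ExampleIM*"
C:\\Quarantine\\ProgramData\\ExampleIM d------ [05:30 05/11/2014]

========== regfind ==========

Searching for "ExampleIM"
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example\\Installer\\Folders]
"C:\\ProgramData\\ExampleIM\\"="1"
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]
"{00000000-0000-0000-0000-000000000001}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\\Program Files\\ExampleIM\\Updater.exe|Name=Updater|"

-= EOF =-
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
SEARCH = re.compile(r'^Searching for "(.*)"$')
EMPTY = re.compile(r"^No (files|folders|data) found\.$")

def invisible_chars(term):
    """Unicode format characters (category Cf, e.g. U+200B) hidden in a term."""
    return [f"U+{ord(c):04X}" for c in term if unicodedata.category(c) == "Cf"]

def parse_systemlook(text):
    """Return one record per 'Searching for' entry with its section and hits."""
    results, section, current = [], None, None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            section, current = m.group(1), None
        elif m := SEARCH.match(line):
            current = {"section": section, "term": m.group(1), "hits": [],
                       "invisible": invisible_chars(m.group(1))}
            results.append(current)
        elif current and line and not EMPTY.match(line) and line != "-= EOF =-":
            current["hits"].append(line)
    return results

def unreliable_negatives(results):
    """Empty results whose term carried invisible characters: rerun these."""
    return [(r["section"], r["term"]) for r in results
            if r["invisible"] and not r["hits"]]

def firewall_rules(results):
    """Decode 'v2.10|Action=...|App=...|' firewall rule values found by regfind."""
    rules = []
    for hit in (h for r in results for h in r["hits"] if "|Action=" in h):
        value = hit.split('"="', 1)[1].rstrip('"')
        rules.append(dict(f.split("=", 1) for f in value.split("|") if "=" in f))
    return rules

if __name__ == "__main__":
    parsed = parse_systemlook(SAMPLE_LOG)
    print("rerun without hidden characters:", unreliable_negatives(parsed))
    print("leftover firewall rules:", [(f["Name"], f["App"]) for f in firewall_rules(parsed)])
```
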

First up, Malwarebytes is bringing up a window that says it is unable to load the Anti-Rootkit DDA Driver, this may be caused by rootkit activity, and do I want to reboot to reinstall the driver? I have rebooted twice so far in response. Is this due to what we are doing on the pc or something else?

This could be due to an issue with your MBAM installation, or the presence of a rootkit.

We'll check for the latter now, and come back to Snap.Do later.

STEP 1

aswMBR

  • Please download aswMBR and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click aswMBR.exe and select Run as administrator to run the programme.
  • Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears.
  • If you are prompted to enable the use of "Virtualization Technology", click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan.
  • Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
Note: Do NOT click Fix or FixMBR.

Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.

STEP 2

Malwarebytes Anti-Rootkit (MBAR)

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK. Navigate to the location you selected.
  • Double-click MBAR.exe to run the programme.
  • Right-Click MBAR.exe and select Run as administrator to run the programme.
  • Follow the prompts to update the programme and scan your computer.
  • Upon completion, click Cleanup and reboot your computer.
  • After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.
======================================================

STEP 3

Logs

In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • aswMBR log
  • mbar-log.txt
  • system-log.txt
Link to post
Share on other sites