tasnan49 Posted October 29, 2014 ID:898129 Share Posted October 29, 2014 been reading posts here, note the answers are individually given so thought I had best start a new post.Windows 7 desktop. Malwarebytes Pro quarantined some files, I agreed to actions. files deleted and told needed to restart. Clicked on agreement. Came back on, windows start logo then black screen with moving cursor. Have tried the following:System repair - after it said was successful rebooted to black screen Tried safe mode - runs files then black sceen Ditto safe mode with networking Windows installation disk repair - by which time I realised monitor not the problem, must be virus I have downloaded frst and have frst.txt log and have attached itFRST.txtPlease can someone help me - I do admin for volunteer group and need to be able to use pc thanks in advance! Link to post Share on other sites More sharing options...
LiquidTension Posted October 29, 2014 ID:898450 Share Posted October 29, 2014 Hello tasnan49, welcome to Malwarebytes' Malware Removal forum! My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.If you would allow me to call you by your first name I would prefer that. General P2P/Piracy Notice: If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed. ====================================================== Please read through the points below to ensure this process moves as quickly and efficiently as possible.Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.Please backup important file before proceeding with my instructions. Malware removal can be unpredictable.If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.Ensure you are following this topic. Click at the top of the page. ====================================================== Enter the Recovery Environment as you did before, and run FRST. Farbar Recovery Scan Tool (FRST) SearchType the following text into the Search: textbox:rpcss.dllClick on the Search File(s) button.Upon completion, a log (Search.txt) will be saved to your USB drive.Copy the contents of the log and paste in your next reply. Link to post Share on other sites More sharing options...
tasnan49 Posted October 29, 2014 Author ID:898818 Share Posted October 29, 2014 Hi Adam, I'm Judy and am in Tasmania Australia. Thanks for helping. Have run FRST per instructions and search.txt is below:Farbar Recovery Scan Tool (x86) Version: 27-10-2014 01Ran by SYSTEM at 2014-10-29 22:13:44Running from E:\Boot Mode: Recovery ================== Search: "rpcss.dll" =================== C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll[2012-04-21 19:07][2010-11-20 04:21] 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F C:\Windows\erdnt\cache\rpcss.dll[2014-01-22 04:15][2010-11-20 04:21] 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F X:\Windows\System32\rpcss.dll[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F X:\Windows\System32\rpcss.dll[2009-07-13 15:45][2009-07-13 17:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F === End Of Search === Link to post Share on other sites More sharing options...
LiquidTension Posted October 29, 2014 ID:898900 Share Posted October 29, 2014 Please do the following, Judy. FRST Recovery Environment ScriptUsing your clean PC, press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.Copy the entire contents of the codebox below and paste into the Notepad document.startHKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2010-11-20] (Microsoft Corporation)HKU\removevirus\...\Run: [mskhet] => "C:\Windows\System32\rundll32.exe" "C:\Users\JUDY\AppData\Roaming\mskhet.dll",set_tRNS <===== ATTENTIONC:\Users\JUDY\AppData\Roaming\mskhet.dllC:\Users\JUDY\AppData\Local\Temp\ytaiesmt.exeReplace: C:\Windows\erdnt\cache\rpcss.dll C:\Windows\System32\rpcss.dllendClick File, Save As and type fixlist.txt as the File Name.Save the file to your USB drive.NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.Enter the Recovery Environment just as you did before.Run FRST just as you did before.Click the Fix button once.A log (Fixlog.txt) will be created on your USB drive.Boot into Windows. Copy the contents of Fixlog.txt and paste in your next reply. Link to post Share on other sites More sharing options...
tasnan49 Posted October 30, 2014 Author ID:898940 Share Posted October 30, 2014 did what you said, booted into Windows, took a long time to load, even after login, now I'm in, says Malwarebytes realtime protection is disabled clicking Fix Now does not work, not game to scan now or reboot as that is what happened before Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-10-2014 01Ran by SYSTEM at 2014-10-30 00:11:38 Run:1Running from e:\Boot Mode: Recovery ============================================== Content of fixlist:*****************startHKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2010-11-20] (Microsoft Corporation)HKU\removevirus\...\Run: [mskhet] => "C:\Windows\System32\rundll32.exe" "C:\Users\JUDY\AppData\Roaming\mskhet.dll",set_tRNS <===== ATTENTIONC:\Users\JUDY\AppData\Roaming\mskhet.dllC:\Users\JUDY\AppData\Local\Temp\ytaiesmt.exeReplace: C:\Windows\erdnt\cache\rpcss.dll C:\Windows\System32\rpcss.dllend***************** HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2010-11-20] (Microsoft Corporation) => Value not found.HKU\removevirus\Software\Microsoft\Windows\CurrentVersion\Run\\mskhet => value deleted successfully."C:\Users\JUDY\AppData\Roaming\mskhet.dll" => File/Directory not found.C:\Users\JUDY\AppData\Local\Temp\ytaiesmt.exe => Moved successfully.Could not find C:\Windows\System32\rpcss.dllC:\Windows\erdnt\cache\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
LiquidTension Posted October 30, 2014 ID:898945 Share Posted October 30, 2014 Good progress, Judy. Please proceed with the following. STEP 1 Farbar Recovery Scan Tool (FRST) ScanPlease download Farbar Recovery Scan Tool (x32) and save the file to your Desktop.Right-Click FRST.exe and select Run as administrator to run the programme.Click Yes to the disclaimer.Ensure the Addition.txt box is checked.Click the Scan button and let the programme run.Upon completion, click OK, then OK on the Addition.txt pop up screen.Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. STEP 2 TDSSKiller ScanPlease download TDSSKiller and save the file to your Desktop.Right-Click TDSSKiller.exe and select Run as administrator to run the programme.Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.Click Start Scan. Do not use the computer during the scan.If objects are found, change the action to skip.Click Continue and close the window.A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply. ====================================================== STEP 3 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.FRST.txtAddition.txtTDSSKiller log (attached) Link to post Share on other sites More sharing options...
tasnan49 Posted October 30, 2014 Author ID:899023 Share Posted October 30, 2014 ok here we are LastRegBack: 2014-10-26 00:12 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2014Ran by JUDY at 2014-10-30 01:34:41Running from C:\Users\JUDY\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: System Shield (Enabled - Up to date) {3030810C-E2AC-B12D-8BB1-B1B8C0193798}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: System Shield (Enabled - Up to date) {8B5160E8-C496-BEA3-B101-8ACABB9E7D25} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) HiddenAdobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AUSkey software 1.4.4 (HKLM\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )AVSDK5 (Version: 5.4.11 - CYREN Inc.) HiddenBonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)CameraHelperMsi (Version: 13.31.1038.0 - Logitech) HiddenCashbook Complete (HKLM\...\Cashbook Complete) (Version: - )CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenConnect (Version: 1.0.0.1 - Adobe Systems Incorporated) HiddenD3DX10 (Version: 15.4.2368.0902 - Microsoft) HiddenDHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)Dropbox (HKCU\...\Dropbox) (Version: 2.11.29 - Dropbox, Inc.)EasyRotator Wizard (HKLM\...\com.dwuser.erwizard.EasyRotatorWizard) (Version: 1.0.124 - Magnetic Marketing Corp)EasyRotator Wizard (Version: 1.0.124 - Magnetic Marketing Corp) HiddeneM Client (HKLM\...\{8A33684C-A2EF-4A49-A4A9-BD6EF80EC12A}) (Version: 6.0.21040.0 - eM Client Inc.)erLT (Version: 1.20.138.34 - Logitech, Inc.) HiddenESSBrwr (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenESSCDBK (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESScore (Version: 7.00.0000.0008 - EASTMAN KODAK Company) HiddenESSgui (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESSini (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenESSPCD (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) HiddenESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) HiddenESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hiddenessvatgt (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hiddene-tax 2013 (HKLM\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.7.491 - Australian Taxation Office)e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)Fences 2 (HKLM\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) HiddenFileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)Fotosizer 2.08 (HKLM\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)GanttProject (HKLM\...\GanttProject) (Version: - )GIMP 2.6.12-2 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (Version: 1.3.22.3 - Google Inc.) HiddenHP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)Internode Monthly Usage Meter 8.2a (HKLM\...\Internode Monthly Usage Meter_is1) (Version: - )iolo technologies' System Mechanic Professional (HKLM\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.0.1 - iolo technologies, LLC)iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) HiddenKobo (HKLM\...\Kobo) (Version: 3.0.4 - Kobo Inc.)Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)Korean Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)kuler (Version: 2.0 - Adobe Systems Incorporated) HiddenLogitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)Lyrics Plugin for Windows Media Player (HKLM\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)MariusSoft Bulk Image Resizer (HKLM\...\{DE563E12-A92C-4547-A3E4-D93D744164D7}) (Version: 1.0.0 - MariusSoft LLC)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)MSVCRT (Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)netbrdg (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenOfotoXMI (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenOpera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)OverDrive Media Console (HKLM\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)PASSAGE 3 (English version) (HKLM\...\P3E) (Version: - )Password Generator (remove only) (HKCU\...\Password Generator) (Version: - WinCatalog.com)PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) HiddenPhotoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) HiddenPixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) HiddenProject Viewer 2010 SP1 (HKLM\...\{E0993C3B-5CCB-4160-A9CE-86604DAC20BE}) (Version: 17.3.0 - Viewer Central)PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) HiddenSHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hiddenskin0001 (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenSKINXSDK (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenSnap.Do (HKLM\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTIONstaticcr (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenSuite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) HiddenSystem Mechanic 14 Professional (Version: 14.0.1 - ) HiddenTeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)tooltips (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTIONVideora iPod Converter 6 (HKLM\...\Videora iPod Converter) (Version: 6 - Red Kawa)VPRINTOL (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenWD SmartWare (HKLM\...\{A6813E19-244A-476E-8AE5-A1176739EEE5}) (Version: 1.6.0.25 - Western Digital)Web Assistant 2.0.0.445 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: - IB) <==== ATTENTIONWindows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)WIRELESS (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenWOW Slider (HKLM\...\WOW Slider_is1) (Version: - )XAMPP 1.7.7 (HKLM\...\xampp) (Version: - )Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )Yahoo!7 Messenger (HKLM\...\Yahoo!7 Messenger) (Version: - Yahoo! Inc.)YouTube Downloader App 3.00 (HKLM\...\YouTube Downloader App) (Version: 3.00 - Regensoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CA0-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CAB-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\InprocServer32 -> C:\Windows\system32\sysinfo.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D0-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D1-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 21-10-2014 09:36:54 Windows Update24-10-2014 18:27:59 Windows Update25-10-2014 13:00:33 Windows Backup28-10-2014 19:29:04 Windows Update29-10-2014 13:20:15 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 21:23 - 2014-01-22 23:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbsTask: {21F2886D-9563-41E3-B8C5-95BDB221CDC5} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()Task: {3674A452-9074-4D18-87C3-FC55398DB483} - System32\Tasks\HP AR Program Upload - 9bcc7fd55bd04f98b9848c21cb4fee10f8d5d3240f3c44208ada20b20a7f0d85 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {386DF063-9C35-431D-8683-E9DAE84E9651} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()Task: {391BB1EF-867C-4839-9B8C-396910A5E44D} - System32\Tasks\HP AR Program Upload - 6f2b85e691014a32b2dbda37ff2ee6c4a392746e39ef41818d4e9e816a03fa2d => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {4340CFFD-14FB-4CE8-B7EC-49515E9964EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)Task: {46BCAA68-631E-4472-88AA-CD63784E78D4} - \BrowserSafeguard Update Task No Task File <==== ATTENTIONTask: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbsTask: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {745039D9-7BF1-41E3-97D2-5B60E330E2DB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exeTask: {75E37D6C-CBC4-493F-B1B7-483D95D6B643} - System32\Tasks\HP AR Program Upload - 6a1b909d73cf47668c635d1b70c737f0df200fce71c9499d8fe5fa4d11bad297 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {7C2A209A-4AFB-4724-B6CD-66C82A14B26D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {9A8E8E42-C684-45C0-9DCD-FF01AAC4010E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)Task: {AAA198E8-4C59-41D6-A68D-0D6BCBB3FEB5} - System32\Tasks\iolo Process Governor => C:\Program Files\iolo\System Mechanic Professional\iologovernor.exe [2014-08-13] (iolo technologies, LLC)Task: {BF0BDD64-C447-4609-A36B-1B1CA457F183} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)Task: {CD262629-5463-42A9-8239-3C2F3552F4DB} - System32\Tasks\HP AR Program Upload - af41b27368bd45959bdc19a601e84794810127de4b2249b3be3a20b59b9b1845 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {D0604AD8-A356-494A-B4B5-97352F740746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)Task: {D099DA58-58F1-493F-ACC4-4A3D663E8A8B} - \Windows Update Check - 0x127402C5 No Task File <==== ATTENTIONTask: {D947123D-86E4-49CF-8F49-F98144E956F7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {F0AA8786-B93A-4845-B679-48E9B7228712} - System32\Tasks\eM Client Database Backup => C:\Program Files\eM Client\DbBackup.exe [2014-10-16] ()Task: {F1A343BC-AB6D-4640-A1C3-BBB4ACE7B2E9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exeTask: {F56D68F0-0162-4134-B52C-68906D1D09B3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeTask: {FC9F2ABD-785C-4736-B580-7F629C05BDAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeTask: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2014-09-07 03:44 - 2014-09-07 03:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll2014-05-25 03:41 - 2014-05-25 03:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll2014-05-25 03:41 - 2014-05-25 03:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll2012-04-21 15:00 - 2009-11-16 21:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll2014-10-16 12:03 - 2014-10-16 12:03 - 00021504 _____ () C:\Program Files\eM Client\MailClient.Mapi.dll2014-10-16 12:03 - 2014-10-16 12:03 - 00145408 _____ () C:\Program Files\eM Client\MailClient.Mail.dll2012-04-26 12:45 - 2001-07-26 16:17 - 00692224 _____ () C:\Program Files\Internode\libeay32.dll2012-04-26 12:45 - 2001-07-26 16:18 - 00151552 _____ () C:\Program Files\Internode\ssleay32.dll2013-12-03 00:29 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll2013-12-03 00:28 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll2014-10-30 00:29 - 2014-10-22 15:04 - 01042760 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll2014-10-30 00:29 - 2014-10-22 15:04 - 00211272 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll2014-10-30 00:29 - 2014-10-22 15:04 - 08910664 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll2014-10-30 00:29 - 2014-10-22 15:04 - 01681224 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: vseamps => 2MSCONFIG\Services: vsedsps => 2MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3679276584-3606042885-2229931398-500 - Administrator - Disabled)Graham (S-1-5-21-3679276584-3606042885-2229931398-1007 - Administrator - Enabled) => C:\Users\GrahamGuest (S-1-5-21-3679276584-3606042885-2229931398-501 - Limited - Enabled)HomeGroupUser$ (S-1-5-21-3679276584-3606042885-2229931398-1005 - Limited - Enabled)JUDY (S-1-5-21-3679276584-3606042885-2229931398-1000 - Administrator - Enabled) => C:\Users\JUDYPublic (S-1-5-21-3679276584-3606042885-2229931398-1006 - Limited - Enabled)removevirus (S-1-5-21-3679276584-3606042885-2229931398-1003 - Administrator - Enabled) => C:\Users\removevirus ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (10/30/2014 00:15:11 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 00:24:18 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/29/2014 00:22:20 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/28/2014 07:05:01 PM) (Source: MsiInstaller) (EventID: 11723) (User: JUDY-PC)Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action InstallationFailed, entry: InstallationFailed, library: C:\Windows\Installer\MSI57F5.tmp Error: (10/28/2014 07:05:00 PM) (Source: MsiInstaller) (EventID: 11723) (User: JUDY-PC)Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action InstallationComplete, entry: InstallationComplete, library: C:\Windows\Installer\MSI53EF.tmp Error: (10/28/2014 02:53:16 PM) (Source: SignInAssistant) (EventID: 0) (User: )Description: StartService failed with hr = 0x80070422 Error: (10/28/2014 02:53:16 PM) (Source: SignInAssistant) (EventID: 0) (User: )Description: StartService failed with hr = 0x80070422 Error: (10/26/2014 02:58:48 PM) (Source: Chrome) (EventID: 1) (User: JUDY-PC)Description: Chrome has encountered a fatal error.ver=38.0.2125.104;lang=;guid=37CEA14469C349329A55BE0554D0AFA8;is_machine=0;oop=1;upload=1;minidump=C:\Users\JUDY\AppData\Local\Google\CrashReports\082d3734-7d83-457e-9dca-cb00ce7db10a.dmp Error: (10/26/2014 00:40:41 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/26/2014 00:37:34 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. System errors:=============Error: (10/30/2014 01:34:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/30/2014 01:34:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/30/2014 01:33:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/30/2014 01:30:33 AM) (Source: NetBT) (EventID: 4319) (User: )Description: A duplicate name has been detected on the TCP network. The IP address ofthe computer that sent the message is in the data. Use nbtstat -n in acommand window to see which name is in the Conflict state. Error: (10/30/2014 01:10:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/30/2014 01:03:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/30/2014 01:02:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/30/2014 01:00:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/30/2014 00:59:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/30/2014 00:59:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Microsoft Office Sessions:=========================Error: (02/20/2013 10:50:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/20/2013 10:32:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 884 seconds with 480 seconds of active time. This session ended with a crash. Error: (09/20/2012 11:39:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2836 seconds with 1380 seconds of active time. This session ended with a crash. CodeIntegrity Errors:=================================== Date: 2013-04-11 12:50:08.371 Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro.exe because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.523 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.404 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.404 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.388 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.388 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHzPercentage of memory in use: 61%Total physical RAM: 3326.18 MBAvailable physical RAM: 1295.14 MBTotal Pagefile: 6650.64 MBAvailable Pagefile: 3997.95 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1897.73 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.01 GB) (Free:63.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 166E37A8)Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ TDSSKiller.3.0.0.41_30.10.2014_01.50.23_log.txt Link to post Share on other sites More sharing options...
tasnan49 Posted October 30, 2014 Author ID:899072 Share Posted October 30, 2014 an update -was able to get Malwarebytes to enable real time protection, all of a sudden the Fix Now button worked. Just not sure if I'm safe to allow pc to reboot Link to post Share on other sites More sharing options...
LiquidTension Posted October 30, 2014 ID:899318 Share Posted October 30, 2014 Please rerun FRST. Ensure you place a checkmark next to Addition.txt. Click Scan. This time, please post FRST.txt and Addition.txt. Thank you. Link to post Share on other sites More sharing options...
tasnan49 Posted October 31, 2014 Author ID:899878 Share Posted October 31, 2014 thanks Adam. by mistake I attempted to boot to safe mode and run FRST but of course that didn't work and was not what you meant. So computer booted back on, very slow again so that I thought I was back to a black screen again, but eventually it opened though without Windows Explorer working. I have now done what you asked, right clicked FRST and ran as administrator, checked Addition.txt and here are the logs. Many thanks for your help, it is very appreciated. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014 01Ran by JUDY (administrator) on JUDY-PC on 31-10-2014 04:09:37Running from C:\Users\JUDY\Dropbox\DesktopLoaded Profile: JUDY (Available profiles: JUDY & removevirus & Graham)Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: "https://www.google.com.au/webhp?" CHR Profile: C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-04]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]CHR Extension: (Web Developer) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2012-04-20]CHR Extension: (ColorZilla) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2012-11-17]CHR Extension: (YouTube) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20]CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2012-04-20]CHR Extension: (QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cicimfkkbejhggfjaabggafffgdnjgjp [2012-08-29]CHR Extension: (Google Search) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20]CHR Extension: (20-20 3D Viewer for Virtual Studio) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc [2014-01-11]CHR Extension: (Lorem Ipsum Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpfoncmmihgkooacnplecaopcefceam [2012-08-29]CHR Extension: (Google Earth The Instant Way) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpifhlbldgbpgcgpcmiakanpghoddbme [2012-05-12]CHR Extension: (The QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2012-08-29]CHR Extension: (Hola Better Internet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-01]CHR Extension: (Pin It Button) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-24]CHR Extension: (New Tab Redirect) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-08-14]CHR Extension: (ManageWP) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfehlfmidmihiohmobbfnbpgkckijbjj [2012-08-06]CHR Extension: (HTML5 Web Development IDE) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheidghjolippfddjfloeinafjkcgcic [2012-11-17]CHR Extension: (Google Maps) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-05-12]CHR Extension: (Google Wallet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]CHR Extension: (SEO for Chrome) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2012-04-20]CHR Extension: (Gmail) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20]CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JUDY\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-04]CHR StartMenuInternet: Google Chrome - C:\Users\JUDY\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)S4 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)S4 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-10] ()S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )S4 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)S4 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-24] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)S3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.)R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-31] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28256 2014-08-13] (EldoS Corporation)R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-01-15] ()S0 bdgw; System32\drivers\gjavkl.sys [X]S3 catchme; \??\C:\Users\JUDY\AppData\Local\Temp\catchme.sys [X]S1 FileDisk; No ImagePathS0 kdcmo; System32\drivers\ejrh.sys [X]S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [X]S0 tqqe; System32\drivers\hpue.sys [X]S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-30 19:11 - 2010-11-20 23:21 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll2014-10-30 11:11 - 2014-10-31 04:09 - 00000000 ____D () C:\FRST2014-10-30 01:46 - 2014-10-30 01:46 - 00000097 _____ () C:\Users\JUDY\Desktop\FRST.txt2014-10-30 00:55 - 2014-10-30 00:56 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\JUDY\Desktop\tdsskiller.exe2014-10-30 00:54 - 2014-10-30 01:46 - 00044517 _____ () C:\Users\JUDY\Desktop\Addition.txt2014-10-30 00:49 - 2014-10-30 00:49 - 01105408 _____ (Farbar) C:\Users\JUDY\Desktop\FRST.exe2014-10-29 19:19 - 2014-10-29 19:24 - 00000000 ____D () C:\.Trash-9992014-10-28 19:02 - 2014-10-28 19:02 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games2014-10-28 19:01 - 2014-10-28 19:01 - 00225504 _____ () C:\Users\JUDY\Downloads\FreeMahjongGamesSetup-N8mdJBEcO.exe2014-10-28 14:53 - 2014-10-28 14:53 - 00000000 ____D () C:\Users\JUDY\AppData\Local\{A323528A-2121-4BB8-B742-20C0B4681180}2014-10-27 13:05 - 2014-10-27 13:05 - 00056376 _____ () C:\Users\JUDY\.recently-used.xbel2014-10-26 15:24 - 2014-10-26 15:26 - 25491968 _____ () C:\Users\JUDY\Desktop\Steamfest 2014 - Exhibits & Stall Holders (Mick Smith's conflicted copy 2014-03-05).xls2014-10-21 15:17 - 2014-10-21 15:17 - 00000000 ____D () C:\Users\JUDY\Documents\Red Kawa2014-10-21 15:17 - 2014-10-21 15:17 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Red Kawa2014-10-21 13:33 - 2014-10-21 13:33 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Regensoft2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Users\JUDY\Documents\Regensoft2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.52014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Regensoft2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.52014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Program Files\Regensoft2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Program Files\AviSynth 2.52014-10-21 13:27 - 2014-10-21 13:27 - 00002156 _____ () C:\Users\Public\Desktop\Videora iPod Converter.lnk2014-10-21 13:27 - 2014-10-21 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Kawa2014-10-21 13:27 - 2014-10-21 13:27 - 00000000 ____D () C:\Program Files\Red Kawa2014-10-16 07:50 - 2014-10-16 07:50 - 01054912 _____ (Adobe) C:\Users\JUDY\Desktop\install_flashplayer15x32au_ltr5x32d_awc_aih.exe2014-10-15 18:27 - 2014-06-27 12:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2014-10-15 17:51 - 2014-09-18 12:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-15 17:51 - 2014-06-25 12:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-10-15 17:51 - 2014-06-24 13:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-10-15 17:50 - 2014-09-25 12:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-10-15 17:50 - 2014-09-05 12:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-15 17:50 - 2014-08-01 22:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL2014-10-15 17:50 - 2014-07-09 09:30 - 00419992 _____ () C:\Windows\system32\locale.nls2014-10-15 17:49 - 2014-09-10 08:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-10-15 17:35 - 2014-09-29 11:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-15 17:32 - 2014-09-04 16:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-15 17:31 - 2014-07-17 12:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-15 17:31 - 2014-07-17 12:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-15 17:31 - 2014-07-17 12:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-15 17:31 - 2014-07-17 12:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-15 17:31 - 2014-07-17 12:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-15 17:31 - 2014-07-17 12:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-15 17:30 - 2014-07-17 12:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-15 17:30 - 2014-07-17 12:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-15 17:29 - 2014-10-07 13:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-15 17:29 - 2014-09-26 09:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-15 17:29 - 2014-09-26 09:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-15 17:29 - 2014-09-26 09:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-15 17:29 - 2014-09-26 09:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-15 17:29 - 2014-09-26 09:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-15 17:29 - 2014-09-19 12:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-15 17:29 - 2014-09-19 12:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-15 17:29 - 2014-09-19 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-15 17:29 - 2014-09-19 12:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-15 17:29 - 2014-09-19 12:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-15 17:29 - 2014-09-19 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-15 17:29 - 2014-09-19 12:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-15 17:29 - 2014-09-19 11:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-15 17:29 - 2014-09-19 11:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-15 17:29 - 2014-09-19 11:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-15 17:29 - 2014-09-19 11:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-15 17:29 - 2014-09-19 11:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-15 17:29 - 2014-09-19 11:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-15 17:29 - 2014-09-19 11:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-15 17:29 - 2014-09-19 11:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-15 17:29 - 2014-09-19 11:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-15 17:29 - 2014-09-19 11:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-15 17:29 - 2014-09-19 11:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-15 17:29 - 2014-09-19 11:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-15 17:29 - 2014-09-19 11:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-15 17:29 - 2014-09-19 11:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-15 17:29 - 2014-09-19 10:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-15 17:29 - 2014-09-19 10:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-15 17:29 - 2014-09-19 10:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-15 17:29 - 2014-06-19 09:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-15 17:29 - 2014-06-19 09:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-15 17:29 - 2014-06-19 09:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-15 17:28 - 2014-09-13 12:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-15 17:28 - 2014-08-29 12:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2014-10-15 17:27 - 2014-07-07 12:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2014-10-15 17:27 - 2014-07-07 12:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2014-10-15 17:27 - 2014-07-07 12:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2014-10-15 17:27 - 2014-07-07 12:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe2014-10-15 17:27 - 2014-07-07 12:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-10-15 17:27 - 2014-07-07 12:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys2014-10-15 17:27 - 2014-06-28 11:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe2014-10-15 17:27 - 2014-06-28 11:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe2014-10-15 17:27 - 2014-06-28 11:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll2014-10-15 17:26 - 2014-08-19 13:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll2014-10-15 17:26 - 2014-08-19 13:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll2014-10-15 17:26 - 2014-08-19 13:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll2014-10-15 17:26 - 2014-08-19 13:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe2014-10-15 17:26 - 2014-08-19 13:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe2014-10-15 17:26 - 2014-08-19 12:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys2014-10-15 17:26 - 2014-07-07 12:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2014-10-15 17:26 - 2014-07-07 12:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2014-10-15 17:26 - 2014-07-07 12:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2014-10-15 17:26 - 2014-07-07 12:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe2014-10-15 17:26 - 2014-07-07 12:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2014-10-15 17:26 - 2014-07-07 12:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2014-10-15 17:26 - 2014-07-07 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2014-10-14 18:30 - 2014-10-14 18:30 - 00474271 _____ () C:\Users\JUDY\Desktop\Dimensions.xlsx2014-10-13 13:25 - 2014-10-30 00:15 - 00000408 _____ () C:\Windows\system32\iolo.ini2014-10-13 13:10 - 2014-10-13 13:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-10-10 09:02 - 2014-10-10 09:02 - 00007435 _____ () C:\Users\JUDY\Desktop\2014-June.txt.gz2014-10-09 20:33 - 2014-10-09 20:33 - 00000000 ____D () C:\Users\JUDY\Desktop\2014+TasTourismAwards+Finalist+Logos2014-10-09 13:35 - 2014-10-09 13:35 - 00000064 _____ () C:\Users\JUDY\Desktop\Steamfest call tracker.laccdb2014-10-07 14:44 - 2014-10-07 14:44 - 00000000 ____D () C:\Users\JUDY\NZBDriveCache2014-10-07 14:37 - 2014-10-07 14:37 - 00000000 ____D () C:\Users\JUDY\AppData\Local\ByteFountain2014-10-07 14:35 - 2014-10-07 15:00 - 00000000 ____D () C:\Program Files\NZBDrive2014-10-07 14:35 - 2014-01-08 23:34 - 00051712 _____ () C:\Windows\system32\dokanx.dll2014-10-07 14:27 - 2014-10-07 14:28 - 05194104 _____ (ByteFountain ) C:\Users\JUDY\Desktop\nzbdrive-setup-1.1.1-win.exe2014-10-06 16:42 - 2014-10-06 16:43 - 00000000 ____D () C:\Users\JUDY\Desktop\TOSHIBA ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-31 04:04 - 2012-06-11 00:49 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\eM Client2014-10-31 03:30 - 2014-07-07 23:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-31 03:28 - 2012-04-20 22:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job2014-10-31 03:00 - 2012-04-20 20:36 - 01623055 _____ () C:\Windows\WindowsUpdate.log2014-10-31 01:39 - 2012-12-20 11:11 - 00000000 ____D () C:\Users\JUDY\Documents\eM Client2014-10-30 21:07 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-30 21:07 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-30 21:04 - 2012-04-20 20:43 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-30 21:01 - 2013-12-08 22:31 - 00000478 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job2014-10-30 21:01 - 2013-12-08 22:31 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job2014-10-30 21:00 - 2014-09-27 22:25 - 00046738 _____ () C:\Windows\setupact.log2014-10-30 21:00 - 2014-09-16 13:42 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics2014-10-30 21:00 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-30 20:59 - 2012-04-20 20:33 - 02521000 _____ () C:\Windows\PFRO.log2014-10-30 12:34 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\LogFiles2014-10-30 12:16 - 2013-07-04 01:39 - 00000000 ____D () C:\Program Files\etax20132014-10-30 11:15 - 2012-05-09 17:30 - 00000000 ___RD () C:\Users\JUDY\Dropbox2014-10-30 09:11 - 2012-04-21 14:19 - 00000000 ____D () C:\Users\JUDY\Documents\WEB DESIGN TOOLS2014-10-30 07:52 - 2014-07-10 11:11 - 00000000 ____D () C:\Users\Graham2014-10-30 07:52 - 2013-03-26 21:57 - 00000000 ____D () C:\Users\removevirus2014-10-30 07:52 - 2012-04-21 15:00 - 00000000 ____D () C:\Program Files\PSPad editor2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\wfp2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\registration2014-10-30 07:21 - 2013-10-24 09:54 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-10-30 07:21 - 2012-05-09 16:35 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Dropbox2014-10-30 05:28 - 2012-04-20 22:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job2014-10-30 03:24 - 2012-05-20 01:17 - 00000000 ____D () C:\Users\JUDY\AppData\Local\Western_Digital2014-10-30 00:15 - 2012-04-20 23:18 - 00000392 _____ () C:\Windows\system32\iolo.ini.txt2014-10-30 00:14 - 2012-04-20 20:30 - 00000000 ____D () C:\Users\JUDY2014-10-29 09:32 - 2012-04-21 14:45 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\FileZilla2014-10-27 18:39 - 2012-04-21 15:44 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup2014-10-27 13:06 - 2014-09-17 18:04 - 00000000 ____D () C:\Users\JUDY\.gimp-2.62014-10-26 22:21 - 2012-04-22 19:52 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\gtk-2.02014-10-24 17:19 - 2012-04-21 13:45 - 00000000 ____D () C:\Users\JUDY\Documents\Cashbook Data2014-10-24 17:19 - 2012-04-21 13:44 - 00000000 ____D () C:\ProgramData\Cashbook Complete2014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 20142014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Program Files\etax20142014-10-23 09:03 - 2013-07-08 18:15 - 00016896 ___SH () C:\Users\JUDY\Thumbs.db2014-10-21 16:07 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\PLA2014-10-17 10:04 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\Microsoft.NET2014-10-17 09:56 - 2012-06-11 00:48 - 00000924 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk2014-10-17 09:56 - 2012-06-11 00:48 - 00000000 ____D () C:\Program Files\eM Client2014-10-15 20:20 - 2009-07-14 15:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2014-10-15 20:08 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\rescache2014-10-15 19:26 - 2014-07-07 22:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-10-15 19:26 - 2009-07-14 15:33 - 02355440 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-15 18:32 - 2012-04-21 21:43 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-15 18:23 - 2013-08-15 04:06 - 00000000 ____D () C:\Windows\system32\MRT2014-10-15 18:08 - 2012-04-22 10:17 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-15 14:22 - 2012-09-03 12:47 - 00000000 ____D () C:\Users\JUDY\Documents\My Kindle Content2014-10-14 08:54 - 2014-07-07 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Adobe2014-10-13 09:22 - 2014-09-29 10:51 - 01802240 _____ () C:\Users\JUDY\Documents\RWCSHS.accdb2014-10-10 18:43 - 2013-02-23 13:54 - 00000000 ___SD () C:\Users\JUDY\Documents\My Data Sources2014-10-02 15:53 - 2012-04-20 21:13 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-10-01 11:11 - 2014-07-07 22:55 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-01 11:11 - 2014-07-07 22:55 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-01 11:11 - 2014-01-21 09:21 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Some content of TEMP:====================C:\Users\JUDY\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0rktla.dllC:\Users\JUDY\AppData\Local\temp\FreeMahjong.exeC:\Users\JUDY\AppData\Local\temp\setup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 00:12 ==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2014 01Ran by JUDY at 2014-10-31 04:10:36Running from C:\Users\JUDY\Dropbox\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) HiddenAdobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AUSkey software 1.4.4 (HKLM\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)CameraHelperMsi (Version: 13.31.1038.0 - Logitech) HiddenCashbook Complete (HKLM\...\Cashbook Complete) (Version: - )CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenConnect (Version: 1.0.0.1 - Adobe Systems Incorporated) HiddenD3DX10 (Version: 15.4.2368.0902 - Microsoft) HiddenDHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)Dropbox (HKCU\...\Dropbox) (Version: 2.11.30 - Dropbox, Inc.)EasyRotator Wizard (HKLM\...\com.dwuser.erwizard.EasyRotatorWizard) (Version: 1.0.124 - Magnetic Marketing Corp)EasyRotator Wizard (Version: 1.0.124 - Magnetic Marketing Corp) HiddeneM Client (HKLM\...\{8A33684C-A2EF-4A49-A4A9-BD6EF80EC12A}) (Version: 6.0.21040.0 - eM Client Inc.)erLT (Version: 1.20.138.34 - Logitech, Inc.) HiddenESSBrwr (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenESSCDBK (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESScore (Version: 7.00.0000.0008 - EASTMAN KODAK Company) HiddenESSgui (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESSini (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenESSPCD (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) HiddenESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) HiddenESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hiddenessvatgt (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hiddene-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)Fences 2 (HKLM\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) HiddenFileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)Fotosizer 2.08 (HKLM\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)GanttProject (HKLM\...\GanttProject) (Version: - )GIMP 2.6.12-2 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (Version: 1.3.22.3 - Google Inc.) HiddenHP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)Internode Monthly Usage Meter 8.2a (HKLM\...\Internode Monthly Usage Meter_is1) (Version: - )iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) HiddenKobo (HKLM\...\Kobo) (Version: 3.0.4 - Kobo Inc.)Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)Korean Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)kuler (Version: 2.0 - Adobe Systems Incorporated) HiddenLogitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)Lyrics Plugin for Windows Media Player (HKLM\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)MariusSoft Bulk Image Resizer (HKLM\...\{DE563E12-A92C-4547-A3E4-D93D744164D7}) (Version: 1.0.0 - MariusSoft LLC)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)MSVCRT (Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)netbrdg (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenOfotoXMI (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenOpera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)OverDrive Media Console (HKLM\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)PASSAGE 3 (English version) (HKLM\...\P3E) (Version: - )Password Generator (remove only) (HKCU\...\Password Generator) (Version: - WinCatalog.com)PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) HiddenPhotoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) HiddenPixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) HiddenProject Viewer 2010 SP1 (HKLM\...\{E0993C3B-5CCB-4160-A9CE-86604DAC20BE}) (Version: 17.3.0 - Viewer Central)PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) HiddenSHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hiddenskin0001 (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenSKINXSDK (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenSnap.Do (HKLM\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTIONstaticcr (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenSuite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) HiddenTeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)tooltips (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTIONVideora iPod Converter 6 (HKLM\...\Videora iPod Converter) (Version: 6 - Red Kawa)VPRINTOL (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenWD SmartWare (HKLM\...\{A6813E19-244A-476E-8AE5-A1176739EEE5}) (Version: 1.6.0.25 - Western Digital)Web Assistant 2.0.0.445 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: - IB) <==== ATTENTIONWindows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)WIRELESS (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenWOW Slider (HKLM\...\WOW Slider_is1) (Version: - )XAMPP 1.7.7 (HKLM\...\xampp) (Version: - )Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )Yahoo!7 Messenger (HKLM\...\Yahoo!7 Messenger) (Version: - Yahoo! Inc.)YouTube Downloader App 3.00 (HKLM\...\YouTube Downloader App) (Version: 3.00 - Regensoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CA0-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CAB-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\InprocServer32 -> C:\Windows\system32\sysinfo.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D0-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D1-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 25-10-2014 13:00:33 Windows Backup28-10-2014 19:29:04 Windows Update29-10-2014 13:20:15 Windows Update30-10-2014 01:15:53 Removed e-tax 2013 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 21:23 - 2014-01-22 23:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbsTask: {21F2886D-9563-41E3-B8C5-95BDB221CDC5} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()Task: {3674A452-9074-4D18-87C3-FC55398DB483} - System32\Tasks\HP AR Program Upload - 9bcc7fd55bd04f98b9848c21cb4fee10f8d5d3240f3c44208ada20b20a7f0d85 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {386DF063-9C35-431D-8683-E9DAE84E9651} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()Task: {391BB1EF-867C-4839-9B8C-396910A5E44D} - System32\Tasks\HP AR Program Upload - 6f2b85e691014a32b2dbda37ff2ee6c4a392746e39ef41818d4e9e816a03fa2d => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {4340CFFD-14FB-4CE8-B7EC-49515E9964EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)Task: {46BCAA68-631E-4472-88AA-CD63784E78D4} - \BrowserSafeguard Update Task No Task File <==== ATTENTIONTask: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbsTask: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {745039D9-7BF1-41E3-97D2-5B60E330E2DB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exeTask: {75E37D6C-CBC4-493F-B1B7-483D95D6B643} - System32\Tasks\HP AR Program Upload - 6a1b909d73cf47668c635d1b70c737f0df200fce71c9499d8fe5fa4d11bad297 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {7C2A209A-4AFB-4724-B6CD-66C82A14B26D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {9A8E8E42-C684-45C0-9DCD-FF01AAC4010E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)Task: {BF0BDD64-C447-4609-A36B-1B1CA457F183} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)Task: {CD262629-5463-42A9-8239-3C2F3552F4DB} - System32\Tasks\HP AR Program Upload - af41b27368bd45959bdc19a601e84794810127de4b2249b3be3a20b59b9b1845 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {D0604AD8-A356-494A-B4B5-97352F740746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)Task: {D099DA58-58F1-493F-ACC4-4A3D663E8A8B} - \Windows Update Check - 0x127402C5 No Task File <==== ATTENTIONTask: {D947123D-86E4-49CF-8F49-F98144E956F7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {F0AA8786-B93A-4845-B679-48E9B7228712} - System32\Tasks\eM Client Database Backup => C:\Program Files\eM Client\DbBackup.exe [2014-10-16] ()Task: {F1A343BC-AB6D-4640-A1C3-BBB4ACE7B2E9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exeTask: {F56D68F0-0162-4134-B52C-68906D1D09B3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeTask: {FC9F2ABD-785C-4736-B580-7F629C05BDAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeTask: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2012-04-26 12:45 - 2001-07-26 16:17 - 00692224 _____ () C:\Program Files\Internode\libeay32.dll2012-04-26 12:45 - 2001-07-26 16:18 - 00151552 _____ () C:\Program Files\Internode\ssleay32.dll2013-12-03 00:29 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll2013-12-03 00:28 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll2014-09-07 03:44 - 2014-09-07 03:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll2014-05-25 03:41 - 2014-05-25 03:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll2014-05-25 03:41 - 2014-05-25 03:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll2012-04-21 15:00 - 2009-11-16 21:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll2014-10-17 09:57 - 2014-10-17 09:57 - 00136704 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.1d52ed9e#\3f37d37edd2539fd887a895da68e0eac\MailClient.Collections.ni.dll2014-10-17 09:57 - 2014-10-17 09:57 - 00499200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Mail\c1f4626383a767d539009789dba9e73f\MailClient.Mail.ni.dll2014-10-17 09:57 - 2014-10-17 09:57 - 00950272 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HTMLEditorControl\31ea24af345a813b3aecf2ee3846c970\HTMLEditorControl.ni.dll2014-10-17 09:57 - 2014-10-17 09:57 - 00583168 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Common.UI\834d378b666a784c3cbe68d47a0bdc64\MailClient.Common.UI.ni.dll2014-10-17 09:57 - 2014-10-17 09:57 - 00022528 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Interop\47d8e07002c7f29138e38a4eaa8de94f\MailClient.Interop.ni.dll2014-10-15 19:09 - 2014-10-15 19:09 - 00552448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\LinqBridge\e8c3058a15fb87741d77bb41bf9913ca\LinqBridge.ni.dll2014-01-23 18:15 - 2014-01-23 18:15 - 00642016 _____ () C:\Program Files\eM Client\SQLite\x86\sqlite3.dll2014-07-24 23:00 - 2014-07-24 23:00 - 00087040 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\SystemCoreTimeZone\69d647a1da7184e95bb8639749cb10c8\SystemCoreTimeZone.ni.dll2014-10-17 09:57 - 2014-10-17 09:57 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Sasl\3ef53be4826dcc6ba93ed5241cb18261\MailClient.Sasl.ni.dll2014-10-15 19:09 - 2014-10-15 19:09 - 00685056 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HtmlInterop\051820fa18179a93ea4cf9088166e2e2\HtmlInterop.ni.dll2014-10-15 19:10 - 2014-10-15 19:10 - 01587712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsAPICodePack\9ea87e8059caa6e740a0e247602f0d4e\WindowsAPICodePack.ni.dll2014-10-17 09:57 - 2014-10-17 09:57 - 00257024 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Imap.Base\b72e005d3d4b43d3aaba2a2f51202524\MailClient.Imap.Base.ni.dll2014-10-30 00:29 - 2014-10-22 15:04 - 01042760 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll2014-10-30 00:29 - 2014-10-22 15:04 - 00211272 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll2014-10-30 00:29 - 2014-10-22 15:04 - 08910664 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll2014-10-30 00:29 - 2014-10-22 15:04 - 01681224 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll2014-09-26 10:01 - 2014-09-26 10:01 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: vseamps => 2MSCONFIG\Services: vsedsps => 2MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3679276584-3606042885-2229931398-500 - Administrator - Disabled)Graham (S-1-5-21-3679276584-3606042885-2229931398-1007 - Administrator - Enabled) => C:\Users\GrahamGuest (S-1-5-21-3679276584-3606042885-2229931398-501 - Limited - Enabled)HomeGroupUser$ (S-1-5-21-3679276584-3606042885-2229931398-1005 - Limited - Enabled)JUDY (S-1-5-21-3679276584-3606042885-2229931398-1000 - Administrator - Enabled) => C:\Users\JUDYPublic (S-1-5-21-3679276584-3606042885-2229931398-1006 - Limited - Enabled)removevirus (S-1-5-21-3679276584-3606042885-2229931398-1003 - Administrator - Enabled) => C:\Users\removevirus ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (10/31/2014 04:04:32 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f0c Start Time: 01cff42862ada414 Termination Time: 27 Application Path: C:\Windows\Explorer.EXE Report Id: b6a59877-601b-11e4-98e5-002170228c87 Error: (10/30/2014 09:01:32 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 01:33:41 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/30/2014 01:32:27 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/30/2014 07:59:42 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/30/2014 07:56:23 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/30/2014 02:36:55 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/30/2014 00:15:11 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 00:24:18 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/29/2014 00:22:20 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. System errors:=============Error: (10/31/2014 04:09:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/31/2014 04:08:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/31/2014 04:08:56 AM) (Source: DCOM) (EventID: 10005) (User: )Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73} Error: (10/30/2014 09:33:17 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (10/30/2014 09:01:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/30/2014 09:00:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: bdgwFileDiskkdcmotqqe Error: (10/30/2014 09:00:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/30/2014 00:31:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (10/30/2014 00:12:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The iolo System Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/30/2014 10:41:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Microsoft Office Sessions:=========================Error: (02/20/2013 10:50:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/20/2013 10:32:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 884 seconds with 480 seconds of active time. This session ended with a crash. Error: (09/20/2012 11:39:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2836 seconds with 1380 seconds of active time. This session ended with a crash. CodeIntegrity Errors:=================================== Date: 2013-04-11 12:50:08.371 Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro.exe because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.523 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.404 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.404 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.388 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.388 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHzPercentage of memory in use: 52%Total physical RAM: 3326.18 MBAvailable physical RAM: 1588.02 MBTotal Pagefile: 6650.64 MBAvailable Pagefile: 4409.48 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1906.73 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.01 GB) (Free:63.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: (FLASH DRIVE) (Removable) (Total:7.19 GB) (Free:7.19 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 166E37A8)Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: C3072E18)Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
LiquidTension Posted October 31, 2014 ID:900145 Share Posted October 31, 2014 Hi Judy, by mistake I attempted to boot to safe mode and run FRST but of course that didn't workAre you unable to boot into Safe Mode? What happens? STEP 1 ComboFixNote: Please read through these instructions before running ComboFix. Please download ComboFix and save the file to your Desktop. << Important!Temporarily disable your anti-virus software. For instructions, please refer to the following link.Right-Click ComboFix.exe and select Run as administrator to run the programme.Follow the prompts. Allow ComboFix to complete it's removal routine (please refer to Important Notes:).Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.Re-enable your anti-virus software. Important Notes:Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.Do NOT use your computer whilst ComboFix is running.Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal. If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.ComboFix will disconnect your machine from the Internet as soon as it starts.Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.If you are unable to access the Internet after running ComboFix, please reboot your computer. STEP 2 Farbar Recovery Scan Tool (FRST) Scan(!) All profiles must be loaded before running FRST. Login normally to Judy, switch user (instructions) to removevirus, and switch user again to Graham. Then switch user back to Judy, and run FRST as instructed below. Right-Click FRST64.exe and select Run as administrator to run the programme.Click Yes to the disclaimer.Ensure the Addition.txt box is checked.Click the Scan button and let the programme run.Upon completion, click OK, then OK on the Addition.txt pop up screen.Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. ====================================================== STEP 3 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.ComboFix.txtFRST.txtAddition.txt Link to post Share on other sites More sharing options...
tasnan49 Posted November 3, 2014 Author ID:902119 Share Posted November 3, 2014 Hi Adam,. sorry about delay in replying, have had hectic 3 days with community event.To clarify, did not have a problem booting to safe mode, just misunderstood your instructions about running as admin, which was from desktop not safemode.ok here are the files you asked for. Note that ComboFix did an update first, then ran for maybe half an hour all up. It did not disconnect from internet(I had disabled antivirus) nor did any messages come up, it rebooted itself at the end then produced the logs. Logging in with my own profile still takes a while (the other 2 have no files, one was only so could log in on previous rootkill lockdown occasion) and Windows startup is still slow, like black screen there longer than it used to be. I do have quite a few startup programmes but have not added any lately and it was never this slow. All advice gratefully received and thanks again for your help Adam! First attempt to post the logs said it was too long so am separating files to see if it works - if it does will send Addition.txt separately ComboFix 14-10-29.01 - JUDY 04/11/2014 9:42.1.2 - x86Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3326.2063 [GMT 11:00]Running from: c:\users\JUDY\Documents\INSTALLS TO KEEP\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\system32\AdobePDF.dllc:\windows\system32\drivers\etc\hosts.ics..((((((((((((((((((((((((( Files Created from 2014-10-03 to 2014-11-03 )))))))))))))))))))))))))))))))..2014-11-03 22:56 . 2014-11-03 22:56 -------- d-----w- c:\users\Public\AppData\Local\temp2014-11-03 22:56 . 2014-11-03 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp2014-11-03 22:56 . 2014-11-03 22:56 -------- d-----w- c:\users\removevirus\AppData\Local\temp2014-11-03 22:56 . 2014-11-03 22:56 -------- d-----w- c:\users\Graham\AppData\Local\temp2014-11-03 03:51 . 2014-11-03 03:51 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2014-11-03 03:51 . 2014-11-03 03:51 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2014-11-02 17:52 . 2014-11-02 17:52 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97807FE2-CEEE-470F-9FE0-A1EF5AB42EB1}\offreg.dll2014-10-31 03:05 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97807FE2-CEEE-470F-9FE0-A1EF5AB42EB1}\mpengine.dll2014-10-30 08:11 . 2010-11-20 12:21 376832 ----a-w- c:\windows\system32\rpcss.dll2014-10-30 00:11 . 2014-10-30 17:11 -------- d-----w- C:\FRST2014-10-29 23:04 . 2014-10-29 23:11 -------- d---a-w- C:\RescueCD Logs2014-10-29 08:19 . 2014-10-29 08:24 -------- d---a-w- C:\.Trash-9992014-10-21 04:17 . 2014-10-21 04:17 -------- d-----w- c:\users\JUDY\AppData\Roaming\Red Kawa2014-10-21 02:33 . 2014-10-21 02:33 -------- d-----w- c:\users\JUDY\AppData\Roaming\Regensoft2014-10-21 02:28 . 2014-10-21 02:28 -------- d-----w- c:\program files\Regensoft2014-10-21 02:28 . 2014-10-21 02:28 -------- d-----w- c:\program files\AviSynth 2.52014-10-21 02:27 . 2014-10-21 02:27 -------- d-----w- c:\program files\Red Kawa2014-10-15 07:27 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll2014-10-15 06:51 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\system32\msi.dll2014-10-15 06:51 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll2014-10-15 06:50 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll2014-10-15 06:50 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\system32\mstscax.dll2014-10-15 06:50 . 2014-09-25 01:40 519680 ----a-w- c:\windows\system32\qdvd.dll2014-10-15 06:50 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDYAK.DLL2014-10-15 06:50 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDBASH.DLL2014-10-15 06:49 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll2014-10-15 06:35 . 2014-09-29 00:41 2379264 ----a-w- c:\windows\system32\win32k.sys2014-10-15 06:32 . 2014-09-04 05:04 372736 ----a-w- c:\windows\system32\rastls.dll2014-10-15 06:31 . 2014-07-17 01:40 157696 ----a-w- c:\windows\system32\winsta.dll2014-10-15 06:31 . 2014-07-17 01:39 523264 ----a-w- c:\windows\system32\termsrv.dll2014-10-15 06:31 . 2014-07-17 01:39 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll2014-10-15 06:31 . 2014-07-17 01:39 304128 ----a-w- c:\windows\system32\winlogon.exe2014-10-15 06:31 . 2014-07-17 01:39 65536 ----a-w- c:\windows\system32\TSpkg.dll2014-10-15 06:31 . 2014-07-17 01:03 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys2014-10-15 06:30 . 2014-07-17 01:39 17408 ----a-w- c:\windows\system32\credssp.dll2014-10-15 06:30 . 2014-07-17 01:02 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys2014-10-15 06:28 . 2014-08-29 01:44 2744320 ----a-w- c:\windows\system32\rdpcorets.dll2014-10-15 06:28 . 2014-09-13 01:40 67072 ----a-w- c:\windows\system32\packager.dll2014-10-15 06:26 . 2014-07-07 01:40 1005056 ----a-w- c:\windows\system32\cryptui.dll2014-10-07 03:44 . 2014-10-07 03:44 -------- d-----w- c:\users\JUDY\NZBDriveCache2014-10-07 03:37 . 2014-10-07 03:37 -------- d-----w- c:\users\JUDY\AppData\Local\ByteFountain2014-10-07 03:35 . 2014-01-08 12:34 51712 ----a-w- c:\windows\system32\dokanx.dll2014-10-07 03:35 . 2014-10-07 04:00 -------- d-----w- c:\program files\NZBDrive...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-11-03 22:08 . 2014-07-07 12:07 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-10-27 19:35 . 2012-04-20 10:13 229000 ------w- c:\windows\system32\MpSigStub.exe2014-10-01 00:11 . 2014-07-07 11:55 51928 ----a-w- c:\windows\system32\drivers\mwac.sys2014-10-01 00:11 . 2014-07-07 11:55 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-10-01 00:11 . 2014-01-20 22:21 23256 ----a-w- c:\windows\system32\drivers\mbam.sys2014-08-23 01:46 . 2014-08-28 08:11 305152 ----a-w- c:\windows\system32\gdi32.dll2014-08-12 13:57 . 2014-01-20 10:55 41616 ----a-w- c:\windows\system32\iolobtdfg.exe2014-08-12 13:57 . 2014-01-20 10:55 23568 ----a-w- c:\windows\system32\smrgdf.exe2014-08-12 13:38 . 2014-08-30 01:48 28256 ----a-w- c:\windows\system32\drivers\rawdsk3.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]2012-07-10 04:21 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]2014-06-24 21:08 131480 ----a-w- c:\users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2013-12-06 04:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"InternodeUsage"="c:\progra~1\INTERN~2\mum.exe" [2011-02-19 1361408]"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-16 1837672]"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]"eM Client"="c:\program files\eM Client\MailClient.exe" [2014-10-16 15558952].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Fences"="c:\program files\Stardock\Fences\Fences.exe" [2012-10-29 4017368]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392].c:\users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\JUDY\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-1 39183280]Fences.lnk - c:\program files\Stardock\Fences\Fences.exe /startup [2012-10-30 4017368]Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN33BB3G7505KD;CONNECTION=NW;MONITOR=1; [2009-7-14 44544].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"HideSCAHealth"= 1 (0x1).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"TaskbarNoNotification"= 1 (0x1).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2012-10-29 478936].[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ ???.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]2014-07-31 02:15 43816 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2014-08-01 06:18 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe.R0 bdgw;bdgw;c:\windows\System32\drivers\gjavkl.sys [x]R0 kdcmo;kdcmo;c:\windows\System32\drivers\ejrh.sys [x]R0 tqqe;tqqe;c:\windows\System32\drivers\hpue.sys [x]R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504]R2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-04-23 1150368]R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2014-03-19 65232]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-03 114904]R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-10-01 51928]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-01-15 13464]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-21 1343400]R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [x]R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-14 284016]R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-19 176128]R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160]R4 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-17 450848]R4 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]R4 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [2012-04-11 247704]R4 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-04-11 1177496]R4 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-24 185856]S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2013-12-02 26248]S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys [2014-08-12 28256]S1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\DRIVERS\sct_skmscan.sys [2012-10-12 33096]S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-10-01 75480]S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2012-01-17 22176]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-10-01 23256]S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]..Contents of the 'Scheduled Tasks' folder.2014-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-03 03:51].2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 05:55].2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 05:55].2014-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job- c:\users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 11:25].2014-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job- c:\users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 11:25].2014-11-03 c:\windows\Tasks\SDMsgUpdate (Local).job- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2013-12-08 15:18].2014-11-03 c:\windows\Tasks\SDMsgUpdate (TE).job- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2013-12-08 15:18]..------- Supplementary Scan -------.uStart Page = "https://www.google.com.au/webhp?" CHR Profile: C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-04]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]CHR Extension: (Web Developer) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2012-04-20]CHR Extension: (ColorZilla) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2012-11-17]CHR Extension: (YouTube) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20]CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2012-04-20]CHR Extension: (QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cicimfkkbejhggfjaabggafffgdnjgjp [2012-08-29]CHR Extension: (Google Search) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20]CHR Extension: (20-20 3D Viewer for Virtual Studio) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc [2014-01-11]CHR Extension: (Lorem Ipsum Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpfoncmmihgkooacnplecaopcefceam [2012-08-29]CHR Extension: (Google Earth The Instant Way) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpifhlbldgbpgcgpcmiakanpghoddbme [2012-05-12]CHR Extension: (The QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2012-08-29]CHR Extension: (Hola Better Internet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-01]CHR Extension: (Pin It Button) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-24]CHR Extension: (New Tab Redirect) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-08-14]CHR Extension: (ManageWP) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfehlfmidmihiohmobbfnbpgkckijbjj [2012-08-06]CHR Extension: (HTML5 Web Development IDE) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheidghjolippfddjfloeinafjkcgcic [2012-11-17]CHR Extension: (Google Maps) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-05-12]CHR Extension: (Google Wallet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]CHR Extension: (SEO for Chrome) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2012-04-20]CHR Extension: (Gmail) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20]CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JUDY\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-04]CHR StartMenuInternet: Google Chrome - C:\Users\JUDY\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)S4 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)S4 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-10] ()S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )S4 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)S4 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-24] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)S3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.)R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-04] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28256 2014-08-13] (EldoS Corporation)R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-01-15] ()S0 bdgw; System32\drivers\gjavkl.sys [X]S3 catchme; \??\C:\Users\JUDY\AppData\Local\Temp\catchme.sys [X]S1 FileDisk; No ImagePathS0 kdcmo; System32\drivers\ejrh.sys [X]S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [X]S0 tqqe; System32\drivers\hpue.sys [X]S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X]U3 mbr; \??\C:\Users\JUDY\AppData\Local\Temp\mbr.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-04 10:14 - 2014-11-04 10:14 - 00000000 ____D () C:\Users\removevirus\AppData\Local\Google2014-11-04 10:07 - 2014-11-04 10:07 - 00019827 _____ () C:\ComboFix.txt2014-11-04 09:19 - 2014-11-04 09:19 - 05591672 _____ (Swearware) C:\Users\JUDY\Desktop\ComboFix.exe2014-11-03 16:00 - 2014-11-03 16:00 - 00038528 _____ () C:\Users\JUDY\.recently-used.xbel2014-11-03 14:51 - 2014-11-04 09:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-03 14:51 - 2014-11-03 14:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2014-11-03 14:51 - 2014-11-03 14:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2014-10-30 19:11 - 2010-11-20 23:21 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll2014-10-30 11:11 - 2014-11-04 10:17 - 00000000 ____D () C:\FRST2014-10-30 01:46 - 2014-10-30 01:46 - 00000097 _____ () C:\Users\JUDY\Desktop\FRST.txt2014-10-30 00:55 - 2014-10-30 00:56 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\JUDY\Desktop\tdsskiller.exe2014-10-30 00:54 - 2014-10-30 01:46 - 00044517 _____ () C:\Users\JUDY\Desktop\Addition.txt2014-10-30 00:49 - 2014-10-30 00:49 - 01105408 _____ (Farbar) C:\Users\JUDY\Desktop\FRST.exe2014-10-29 19:19 - 2014-10-29 19:24 - 00000000 ____D () C:\.Trash-9992014-10-28 19:02 - 2014-10-28 19:02 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games2014-10-28 14:53 - 2014-10-28 14:53 - 00000000 ____D () C:\Users\JUDY\AppData\Local\{A323528A-2121-4BB8-B742-20C0B4681180}2014-10-26 15:24 - 2014-10-26 15:26 - 25491968 _____ () C:\Users\JUDY\Desktop\Steamfest 2014 - Exhibits & Stall Holders (Mick Smith's conflicted copy 2014-03-05).xls2014-10-21 15:17 - 2014-10-21 15:17 - 00000000 ____D () C:\Users\JUDY\Documents\Red Kawa2014-10-21 15:17 - 2014-10-21 15:17 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Red Kawa2014-10-21 13:33 - 2014-10-21 13:33 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Regensoft2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Users\JUDY\Documents\Regensoft2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.52014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Regensoft2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.52014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Program Files\Regensoft2014-10-21 13:28 - 2014-10-21 13:28 - 00000000 ____D () C:\Program Files\AviSynth 2.52014-10-21 13:27 - 2014-10-21 13:27 - 00002156 _____ () C:\Users\Public\Desktop\Videora iPod Converter.lnk2014-10-21 13:27 - 2014-10-21 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Kawa2014-10-21 13:27 - 2014-10-21 13:27 - 00000000 ____D () C:\Program Files\Red Kawa2014-10-16 07:50 - 2014-10-16 07:50 - 01054912 _____ (Adobe) C:\Users\JUDY\Desktop\install_flashplayer15x32au_ltr5x32d_awc_aih.exe2014-10-15 18:27 - 2014-06-27 12:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2014-10-15 17:51 - 2014-09-18 12:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-15 17:51 - 2014-06-25 12:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-10-15 17:51 - 2014-06-24 13:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-10-15 17:50 - 2014-09-25 12:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-10-15 17:50 - 2014-09-05 12:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-15 17:50 - 2014-08-01 22:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL2014-10-15 17:50 - 2014-07-09 09:30 - 00419992 _____ () C:\Windows\system32\locale.nls2014-10-15 17:49 - 2014-09-10 08:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-10-15 17:35 - 2014-09-29 11:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-15 17:32 - 2014-09-04 16:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-15 17:31 - 2014-07-17 12:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-15 17:31 - 2014-07-17 12:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-15 17:31 - 2014-07-17 12:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-15 17:31 - 2014-07-17 12:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-15 17:31 - 2014-07-17 12:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-15 17:31 - 2014-07-17 12:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-15 17:30 - 2014-07-17 12:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-15 17:30 - 2014-07-17 12:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-15 17:29 - 2014-10-07 13:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-15 17:29 - 2014-09-26 09:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-15 17:29 - 2014-09-26 09:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-15 17:29 - 2014-09-26 09:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-15 17:29 - 2014-09-26 09:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-15 17:29 - 2014-09-26 09:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-15 17:29 - 2014-09-19 12:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-15 17:29 - 2014-09-19 12:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-15 17:29 - 2014-09-19 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-15 17:29 - 2014-09-19 12:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-15 17:29 - 2014-09-19 12:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-15 17:29 - 2014-09-19 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-15 17:29 - 2014-09-19 12:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-15 17:29 - 2014-09-19 11:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-15 17:29 - 2014-09-19 11:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-15 17:29 - 2014-09-19 11:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-15 17:29 - 2014-09-19 11:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-15 17:29 - 2014-09-19 11:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-15 17:29 - 2014-09-19 11:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-15 17:29 - 2014-09-19 11:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-15 17:29 - 2014-09-19 11:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-15 17:29 - 2014-09-19 11:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-15 17:29 - 2014-09-19 11:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-15 17:29 - 2014-09-19 11:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-15 17:29 - 2014-09-19 11:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-15 17:29 - 2014-09-19 11:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-15 17:29 - 2014-09-19 11:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-15 17:29 - 2014-09-19 10:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-15 17:29 - 2014-09-19 10:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-15 17:29 - 2014-09-19 10:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-15 17:29 - 2014-06-19 09:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-15 17:29 - 2014-06-19 09:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-15 17:29 - 2014-06-19 09:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-15 17:28 - 2014-09-13 12:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-15 17:28 - 2014-08-29 12:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2014-10-15 17:27 - 2014-07-07 12:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2014-10-15 17:27 - 2014-07-07 12:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2014-10-15 17:27 - 2014-07-07 12:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2014-10-15 17:27 - 2014-07-07 12:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe2014-10-15 17:27 - 2014-07-07 12:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-10-15 17:27 - 2014-07-07 12:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys2014-10-15 17:27 - 2014-06-28 11:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe2014-10-15 17:27 - 2014-06-28 11:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe2014-10-15 17:27 - 2014-06-28 11:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll2014-10-15 17:26 - 2014-08-19 13:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll2014-10-15 17:26 - 2014-08-19 13:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll2014-10-15 17:26 - 2014-08-19 13:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll2014-10-15 17:26 - 2014-08-19 13:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe2014-10-15 17:26 - 2014-08-19 13:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe2014-10-15 17:26 - 2014-08-19 12:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys2014-10-15 17:26 - 2014-07-07 12:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2014-10-15 17:26 - 2014-07-07 12:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2014-10-15 17:26 - 2014-07-07 12:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2014-10-15 17:26 - 2014-07-07 12:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe2014-10-15 17:26 - 2014-07-07 12:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2014-10-15 17:26 - 2014-07-07 12:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2014-10-15 17:26 - 2014-07-07 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2014-10-14 18:30 - 2014-10-14 18:30 - 00474271 _____ () C:\Users\JUDY\Desktop\Dimensions.xlsx2014-10-13 13:25 - 2014-10-30 00:15 - 00000408 _____ () C:\Windows\system32\iolo.ini2014-10-13 13:10 - 2014-10-13 13:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-10-10 09:02 - 2014-10-10 09:02 - 00007435 _____ () C:\Users\JUDY\Desktop\2014-June.txt.gz2014-10-09 20:33 - 2014-10-09 20:33 - 00000000 ____D () C:\Users\JUDY\Desktop\2014+TasTourismAwards+Finalist+Logos2014-10-09 13:35 - 2014-10-09 13:35 - 00000064 _____ () C:\Users\JUDY\Desktop\Steamfest call tracker.laccdb2014-10-07 14:44 - 2014-10-07 14:44 - 00000000 ____D () C:\Users\JUDY\NZBDriveCache2014-10-07 14:37 - 2014-10-07 14:37 - 00000000 ____D () C:\Users\JUDY\AppData\Local\ByteFountain2014-10-07 14:35 - 2014-10-07 15:00 - 00000000 ____D () C:\Program Files\NZBDrive2014-10-07 14:35 - 2014-01-08 23:34 - 00051712 _____ () C:\Windows\system32\dokanx.dll2014-10-07 14:27 - 2014-10-07 14:28 - 05194104 _____ (ByteFountain ) C:\Users\JUDY\Desktop\nzbdrive-setup-1.1.1-win.exe2014-10-06 16:42 - 2014-10-06 16:43 - 00000000 ____D () C:\Users\JUDY\Desktop\TOSHIBA ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-04 10:15 - 2014-07-07 23:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-11-04 10:15 - 2013-12-08 22:31 - 00000478 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job2014-11-04 10:15 - 2013-12-08 22:31 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job2014-11-04 10:15 - 2013-03-26 21:58 - 00116576 _____ () C:\Users\removevirus\AppData\Local\GDIPFONTCACHEV1.DAT2014-11-04 10:15 - 2009-07-14 15:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2014-11-04 10:07 - 2014-01-22 22:44 - 00000000 ____D () C:\Qoobox2014-11-04 10:07 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-11-04 10:07 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-11-04 10:03 - 2012-04-20 20:43 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-04 10:03 - 2012-04-20 20:36 - 01739343 _____ () C:\Windows\WindowsUpdate.log2014-11-04 10:01 - 2012-06-11 00:49 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\eM Client2014-11-04 09:58 - 2009-07-14 13:04 - 00000215 _____ () C:\Windows\system.ini2014-11-04 09:57 - 2014-09-27 22:25 - 00058224 _____ () C:\Windows\setupact.log2014-11-04 09:57 - 2012-04-20 20:33 - 02522422 _____ () C:\Windows\PFRO.log2014-11-04 09:57 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-04 09:56 - 2014-01-22 22:43 - 00000000 ____D () C:\Windows\erdnt2014-11-04 09:37 - 2012-04-21 13:59 - 00000000 ____D () C:\Users\JUDY\Documents\INSTALLS TO KEEP2014-11-04 09:28 - 2012-04-20 22:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job2014-11-04 05:28 - 2012-04-20 22:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job2014-11-04 01:40 - 2012-12-20 11:11 - 00000000 ____D () C:\Users\JUDY\Documents\eM Client2014-11-03 20:14 - 2014-09-29 10:51 - 01802240 _____ () C:\Users\JUDY\Documents\RWCSHS.accdb2014-11-03 16:03 - 2014-09-17 18:04 - 00000000 ____D () C:\Users\JUDY\.gimp-2.62014-11-03 16:00 - 2012-04-20 20:30 - 00000000 ____D () C:\Users\JUDY2014-11-03 14:59 - 2012-04-20 22:50 - 00000000 ____D () C:\Users\JUDY\AppData\Local\Adobe2014-11-02 22:44 - 2012-05-09 17:30 - 00000000 ___RD () C:\Users\JUDY\Dropbox2014-11-02 22:44 - 2012-05-09 16:35 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Dropbox2014-11-01 05:20 - 2013-10-24 09:54 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-10-30 12:34 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\LogFiles2014-10-30 12:16 - 2013-07-04 01:39 - 00000000 ____D () C:\Program Files\etax20132014-10-30 09:11 - 2012-04-21 14:19 - 00000000 ____D () C:\Users\JUDY\Documents\WEB DESIGN TOOLS2014-10-30 07:52 - 2014-07-10 11:11 - 00000000 ____D () C:\Users\Graham2014-10-30 07:52 - 2013-03-26 21:57 - 00000000 ____D () C:\Users\removevirus2014-10-30 07:52 - 2012-04-21 15:00 - 00000000 ____D () C:\Program Files\PSPad editor2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\wfp2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\registration2014-10-30 03:24 - 2012-05-20 01:17 - 00000000 ____D () C:\Users\JUDY\AppData\Local\Western_Digital2014-10-30 00:15 - 2012-04-20 23:18 - 00000392 _____ () C:\Windows\system32\iolo.ini.txt2014-10-29 09:32 - 2012-04-21 14:45 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\FileZilla2014-10-28 06:35 - 2012-04-20 21:13 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-10-27 18:39 - 2012-04-21 15:44 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup2014-10-26 22:21 - 2012-04-22 19:52 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\gtk-2.02014-10-24 17:19 - 2012-04-21 13:45 - 00000000 ____D () C:\Users\JUDY\Documents\Cashbook Data2014-10-24 17:19 - 2012-04-21 13:44 - 00000000 ____D () C:\ProgramData\Cashbook Complete2014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 20142014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Program Files\etax20142014-10-23 09:03 - 2013-07-08 18:15 - 00016896 ___SH () C:\Users\JUDY\Thumbs.db2014-10-21 16:07 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\PLA2014-10-17 10:04 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\Microsoft.NET2014-10-17 09:56 - 2012-06-11 00:48 - 00000924 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk2014-10-17 09:56 - 2012-06-11 00:48 - 00000000 ____D () C:\Program Files\eM Client2014-10-15 20:08 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\rescache2014-10-15 19:26 - 2014-07-07 22:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-10-15 19:26 - 2009-07-14 15:33 - 02355440 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-15 18:32 - 2012-04-21 21:43 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-15 18:23 - 2013-08-15 04:06 - 00000000 ____D () C:\Windows\system32\MRT2014-10-15 18:08 - 2012-04-22 10:17 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-15 14:22 - 2012-09-03 12:47 - 00000000 ____D () C:\Users\JUDY\Documents\My Kindle Content2014-10-14 08:54 - 2014-07-07 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Adobe2014-10-10 18:43 - 2013-02-23 13:54 - 00000000 ___SD () C:\Users\JUDY\Documents\My Data Sources ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 00:12 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
tasnan49 Posted November 3, 2014 Author ID:902122 Share Posted November 3, 2014 Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014Ran by JUDY at 2014-11-04 10:17:53Running from C:\Users\JUDY\Dropbox\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) HiddenAdobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AUSkey software 1.4.4 (HKLM\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)CameraHelperMsi (Version: 13.31.1038.0 - Logitech) HiddenCashbook Complete (HKLM\...\Cashbook Complete) (Version: - )CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenConnect (Version: 1.0.0.1 - Adobe Systems Incorporated) HiddenD3DX10 (Version: 15.4.2368.0902 - Microsoft) HiddenDHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)Dropbox (HKCU\...\Dropbox) (Version: 2.11.33 - Dropbox, Inc.)EasyRotator Wizard (HKLM\...\com.dwuser.erwizard.EasyRotatorWizard) (Version: 1.0.124 - Magnetic Marketing Corp)EasyRotator Wizard (Version: 1.0.124 - Magnetic Marketing Corp) HiddeneM Client (HKLM\...\{8A33684C-A2EF-4A49-A4A9-BD6EF80EC12A}) (Version: 6.0.21040.0 - eM Client Inc.)erLT (Version: 1.20.138.34 - Logitech, Inc.) HiddenESSBrwr (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenESSCDBK (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESScore (Version: 7.00.0000.0008 - EASTMAN KODAK Company) HiddenESSgui (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESSini (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenESSPCD (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) HiddenESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) HiddenESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hiddenessvatgt (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hiddene-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)Fences 2 (HKLM\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) HiddenFileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)Fotosizer 2.08 (HKLM\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)GanttProject (HKLM\...\GanttProject) (Version: - )GIMP 2.6.12-2 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (Version: 1.3.22.3 - Google Inc.) HiddenHP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)Internode Monthly Usage Meter 8.2a (HKLM\...\Internode Monthly Usage Meter_is1) (Version: - )iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) HiddenKobo (HKLM\...\Kobo) (Version: 3.0.4 - Kobo Inc.)Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)Korean Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)kuler (Version: 2.0 - Adobe Systems Incorporated) HiddenLogitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)Lyrics Plugin for Windows Media Player (HKLM\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)MariusSoft Bulk Image Resizer (HKLM\...\{DE563E12-A92C-4547-A3E4-D93D744164D7}) (Version: 1.0.0 - MariusSoft LLC)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)MSVCRT (Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)netbrdg (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenOfotoXMI (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenOpera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)OverDrive Media Console (HKLM\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)PASSAGE 3 (English version) (HKLM\...\P3E) (Version: - )Password Generator (remove only) (HKCU\...\Password Generator) (Version: - WinCatalog.com)PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) HiddenPhotoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) HiddenPixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) HiddenProject Viewer 2010 SP1 (HKLM\...\{E0993C3B-5CCB-4160-A9CE-86604DAC20BE}) (Version: 17.3.0 - Viewer Central)PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) HiddenSHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hiddenskin0001 (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenSKINXSDK (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenSnap.Do (HKLM\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTIONstaticcr (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenSuite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) HiddenTeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)tooltips (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTIONVideora iPod Converter 6 (HKLM\...\Videora iPod Converter) (Version: 6 - Red Kawa)VPRINTOL (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenWD SmartWare (HKLM\...\{A6813E19-244A-476E-8AE5-A1176739EEE5}) (Version: 1.6.0.25 - Western Digital)Web Assistant 2.0.0.445 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: - IB) <==== ATTENTIONWindows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)WIRELESS (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenWOW Slider (HKLM\...\WOW Slider_is1) (Version: - )XAMPP 1.7.7 (HKLM\...\xampp) (Version: - )Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )Yahoo!7 Messenger (HKLM\...\Yahoo!7 Messenger) (Version: - Yahoo! Inc.)YouTube Downloader App 3.00 (HKLM\...\YouTube Downloader App) (Version: 3.00 - Regensoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CA0-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CAB-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\InprocServer32 -> C:\Windows\system32\sysinfo.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D0-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D1-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Chrome\Application\31.0.1650.57\delegate_execute.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File ==================== Restore Points ========================= 28-10-2014 19:29:04 Windows Update29-10-2014 13:20:15 Windows Update30-10-2014 01:15:53 Removed e-tax 201301-11-2014 20:19:35 Windows Backup03-11-2014 22:38:47 ComboFix created restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 21:23 - 2014-11-04 09:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbsTask: {21F2886D-9563-41E3-B8C5-95BDB221CDC5} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()Task: {3674A452-9074-4D18-87C3-FC55398DB483} - System32\Tasks\HP AR Program Upload - 9bcc7fd55bd04f98b9848c21cb4fee10f8d5d3240f3c44208ada20b20a7f0d85 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {386DF063-9C35-431D-8683-E9DAE84E9651} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()Task: {391BB1EF-867C-4839-9B8C-396910A5E44D} - System32\Tasks\HP AR Program Upload - 6f2b85e691014a32b2dbda37ff2ee6c4a392746e39ef41818d4e9e816a03fa2d => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {46BCAA68-631E-4472-88AA-CD63784E78D4} - \BrowserSafeguard Update Task No Task File <==== ATTENTIONTask: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbsTask: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {745039D9-7BF1-41E3-97D2-5B60E330E2DB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exeTask: {75E37D6C-CBC4-493F-B1B7-483D95D6B643} - System32\Tasks\HP AR Program Upload - 6a1b909d73cf47668c635d1b70c737f0df200fce71c9499d8fe5fa4d11bad297 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {7C2A209A-4AFB-4724-B6CD-66C82A14B26D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {9A8E8E42-C684-45C0-9DCD-FF01AAC4010E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)Task: {BDF21EC8-095B-4549-A19E-81B537B27472} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-03] (Adobe Systems Incorporated)Task: {BF0BDD64-C447-4609-A36B-1B1CA457F183} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)Task: {CD262629-5463-42A9-8239-3C2F3552F4DB} - System32\Tasks\HP AR Program Upload - af41b27368bd45959bdc19a601e84794810127de4b2249b3be3a20b59b9b1845 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {D0604AD8-A356-494A-B4B5-97352F740746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)Task: {D099DA58-58F1-493F-ACC4-4A3D663E8A8B} - \Windows Update Check - 0x127402C5 No Task File <==== ATTENTIONTask: {D947123D-86E4-49CF-8F49-F98144E956F7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {F0AA8786-B93A-4845-B679-48E9B7228712} - System32\Tasks\eM Client Database Backup => C:\Program Files\eM Client\DbBackup.exe [2014-10-16] ()Task: {F1A343BC-AB6D-4640-A1C3-BBB4ACE7B2E9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exeTask: {F56D68F0-0162-4134-B52C-68906D1D09B3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeTask: {FC9F2ABD-785C-4736-B580-7F629C05BDAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeTask: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2012-04-26 12:45 - 2001-07-26 16:17 - 00692224 _____ () C:\Program Files\Internode\libeay32.dll2012-04-26 12:45 - 2001-07-26 16:18 - 00151552 _____ () C:\Program Files\Internode\ssleay32.dll2013-12-03 00:29 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll2013-12-03 00:28 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll2012-04-21 15:00 - 2009-11-16 21:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll2014-09-07 03:44 - 2014-09-07 03:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll2014-05-25 03:41 - 2014-05-25 03:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll2014-05-25 03:41 - 2014-05-25 03:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll2014-10-30 00:29 - 2014-10-22 15:04 - 01042760 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll2014-10-30 00:29 - 2014-10-22 15:04 - 00211272 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll2014-10-30 00:29 - 2014-10-22 15:04 - 08910664 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll2014-10-30 00:29 - 2014-10-22 15:04 - 01681224 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll2014-11-03 14:51 - 2014-11-03 14:51 - 16832176 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: vseamps => 2MSCONFIG\Services: vsedsps => 2MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3679276584-3606042885-2229931398-500 - Administrator - Disabled)Graham (S-1-5-21-3679276584-3606042885-2229931398-1007 - Administrator - Enabled) => C:\Users\GrahamGuest (S-1-5-21-3679276584-3606042885-2229931398-501 - Limited - Enabled)HomeGroupUser$ (S-1-5-21-3679276584-3606042885-2229931398-1005 - Limited - Enabled)JUDY (S-1-5-21-3679276584-3606042885-2229931398-1000 - Administrator - Enabled) => C:\Users\JUDYPublic (S-1-5-21-3679276584-3606042885-2229931398-1006 - Limited - Enabled)removevirus (S-1-5-21-3679276584-3606042885-2229931398-1003 - Administrator - Enabled) => C:\Users\removevirus ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (11/04/2014 10:15:15 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7Faulting module name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7Exception code: 0xc0000005Fault offset: 0x00001ffdFaulting process id: 0xdc0Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (11/04/2014 10:14:18 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7Faulting module name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7Exception code: 0xc0000005Fault offset: 0x00001ffdFaulting process id: 0x880Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (11/04/2014 09:59:54 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7Faulting module name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7Exception code: 0xc0000005Fault offset: 0x00001ffdFaulting process id: 0xa44Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (11/04/2014 09:59:01 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/04/2014 09:42:20 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7Faulting module name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d6727a7Exception code: 0xc0000005Fault offset: 0x00001ffdFaulting process id: 0x640Faulting application start time: 0xExplorer.exe0Faulting application path: Explorer.exe1Faulting module path: Explorer.exe2Report Id: Explorer.exe3 Error: (11/04/2014 09:41:26 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: YahooMessenger.exe, version: 11.5.0.228, time stamp: 0x4fbf6b79Faulting module name: YahooMessenger.exe, version: 11.5.0.228, time stamp: 0x4fbf6b79Exception code: 0xc0000005Fault offset: 0x000fc5dcFaulting process id: 0x146cFaulting application start time: 0xYahooMessenger.exe0Faulting application path: YahooMessenger.exe1Faulting module path: YahooMessenger.exe2Report Id: YahooMessenger.exe3 Error: (11/04/2014 00:37:15 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (11/04/2014 00:35:59 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (11/02/2014 09:05:07 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/02/2014 10:47:27 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. System errors:=============Error: (11/04/2014 10:11:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (11/04/2014 10:08:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (11/04/2014 10:08:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (11/04/2014 10:08:53 AM) (Source: DCOM) (EventID: 10005) (User: )Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73} Error: (11/04/2014 10:05:40 AM) (Source: ipnathlp) (EventID: 31004) (User: )Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. Error: (11/04/2014 09:59:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (11/04/2014 09:58:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: bdgwFileDiskkdcmotqqe Error: (11/04/2014 09:57:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (11/04/2014 09:57:54 AM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 9:55:47 AM on 11/4/2014 was unexpected. Error: (11/04/2014 09:49:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Microsoft Office Sessions:=========================Error: (02/20/2013 10:50:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/20/2013 10:32:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 884 seconds with 480 seconds of active time. This session ended with a crash. Error: (09/20/2012 11:39:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2836 seconds with 1380 seconds of active time. This session ended with a crash. CodeIntegrity Errors:=================================== Date: 2013-04-11 12:50:08.371 Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro.exe because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.523 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.404 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.404 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.388 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.388 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHzPercentage of memory in use: 53%Total physical RAM: 3326.18 MBAvailable physical RAM: 1537.88 MBTotal Pagefile: 6650.64 MBAvailable Pagefile: 4473.33 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1910.73 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.01 GB) (Free:63.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 166E37A8)Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
LiquidTension Posted November 5, 2014 ID:902811 Share Posted November 5, 2014 Hi Judy, Did you install the following programmes?Videora iPod Converter 6 Yahoo! Software Update Yahoo! MessengerYouTube Downloader App 3.00 Farbar Recovery Scan Tool (FRST) Script(!) Ensure you load each profile just as you did before. All three must be loaded before running the script below. Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.Copy the entire contents of the codebox below and paste into the Notepad document.startHKU\S-1-5-21-3679276584-3606042885-2229931398-1000\...\Policies\Explorer: [TaskbarNoNotification] 1HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\...A8F59079A8D5}\localserver32: <==== ATTENTION!BootExecute: ???HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-3679276584-3606042885-2229931398-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONSearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F47EDF8B-78FC-425D-9E19-526F2E321E30}&mid=66cf0c85bd7747d09380d16836c66574-92cb9cadec2b0dbada8cf013e8ecaa8cc0a06a88〈=en&ds=tc011&pr=sa&d=2012-04-21 14:52:50&v=11.1.0.12&sap=dsp&q={searchTerms}BHO: No Name -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No FileBHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No FileBHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()C:\Program Files\AVG Secure SearchToolbar: HKLM - No Name - {837CC356-411E-4654-B2A2-ECA1F037979F} - No FileToolbar: HKCU - No Name - {837CC356-411E-4654-B2A2-ECA1F037979F} - No FileHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No FileHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()C:\Program Files\Common Files\AVG Secure SearchFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xmlFF Extension: Yahoo! Toolbar - C:\Users\JUDY\AppData\Roaming\Mozilla\Firefox\Profiles\h8qyudtn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-21]FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\11.1.0.12C:\ProgramData\AVG Secure SearchFF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\11.1.0.12 [2012-07-10]FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll (AVG Technologies)CHR Extension: (Hola Better Internet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-01]S4 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-10] ()2014-10-16 07:50 - 2014-10-16 07:50 - 01054912 _____ (Adobe) C:\Users\JUDY\Desktop\install_flashplayer15x32au_ltr5x32d_awc_aih.exeS0 bdgw; System32\drivers\gjavkl.sys [X]S1 FileDisk; No ImagePathS0 kdcmo; System32\drivers\ejrh.sys [X]S0 tqqe; System32\drivers\hpue.sys [X]Task: {46BCAA68-631E-4472-88AA-CD63784E78D4} - \BrowserSafeguard Update Task No Task File <==== ATTENTIONTask: {D099DA58-58F1-493F-ACC4-4A3D663E8A8B} - \Windows Update Check - 0x127402C5 No Task File <==== ATTENTIONCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Chrome\Application\31.0.1650.57\delegate_execute.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No FileFolder: C:\Users\JUDY\AppData\Local\{A323528A-2121-4BB8-B742-20C0B4681180}CMD: ipconfig /flushdnsendClick File, Save As and type fixlist.txt as the File Name. Important: The file must be saved in the same location as FRST.exe. NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.Right-Click FRST.exe and select Run as administrator to run the programme.Click Fix.A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply. Link to post Share on other sites More sharing options...
tasnan49 Posted November 5, 2014 Author ID:902822 Share Posted November 5, 2014 Hi Adam - re your question about installing programmes, I did instal them all but uninstalled Videora iPod Converter 6 before running this fix. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014Ran by JUDY at 2014-11-05 15:15:42 Run:2Running from C:\Users\JUDY\Dropbox\DesktopLoaded Profiles: JUDY & removevirus & Graham (Available profiles: JUDY & removevirus & Graham)Boot Mode: Normal ============================================== Content of fixlist:*****************startHKU\S-1-5-21-3679276584-3606042885-2229931398-1000\...\Policies\Explorer: [TaskbarNoNotification] 1HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\...A8F59079A8D5}\localserver32: <==== ATTENTION!BootExecute: ???HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-3679276584-3606042885-2229931398-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONSearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={F47EDF8B-78FC-425D-9E19-526F2E321E30}&mid=66cf0c85bd7747d09380d16836c66574-92cb9cadec2b0dbada8cf013e8ecaa8cc0a06a88〈=en&ds=tc011&pr=sa&d=2012-04-21 14:52:50&v=11.1.0.12&sap=dsp&q={searchTerms} BHO: No Name -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No FileBHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No FileBHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()C:\Program Files\AVG Secure SearchToolbar: HKLM - No Name - {837CC356-411E-4654-B2A2-ECA1F037979F} - No FileToolbar: HKCU - No Name - {837CC356-411E-4654-B2A2-ECA1F037979F} - No FileHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No FileHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()C:\Program Files\Common Files\AVG Secure SearchFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xmlFF Extension: Yahoo! Toolbar - C:\Users\JUDY\AppData\Roaming\Mozilla\Firefox\Profiles\h8qyudtn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-21]FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\11.1.0.12C:\ProgramData\AVG Secure SearchFF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\11.1.0.12 [2012-07-10]FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll (AVG Technologies)CHR Extension: (Hola Better Internet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-01]S4 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-10] ()2014-10-16 07:50 - 2014-10-16 07:50 - 01054912 _____ (Adobe) C:\Users\JUDY\Desktop\install_flashplayer15x32au_ltr5x32d_awc_aih.exeS0 bdgw; System32\drivers\gjavkl.sys [X]S1 FileDisk; No ImagePathS0 kdcmo; System32\drivers\ejrh.sys [X]S0 tqqe; System32\drivers\hpue.sys [X]Task: {46BCAA68-631E-4472-88AA-CD63784E78D4} - \BrowserSafeguard Update Task No Task File <==== ATTENTIONTask: {D099DA58-58F1-493F-ACC4-4A3D663E8A8B} - \Windows Update Check - 0x127402C5 No Task File <==== ATTENTIONCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Chrome\Application\31.0.1650.57\delegate_execute.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\JUDY\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe" No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\removevirus\AppData\Local\Google\Update\1.3.22.3\psuser.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No FileFolder: C:\Users\JUDY\AppData\Local\{A323528A-2121-4BB8-B742-20C0B4681180}CMD: ipconfig /flushdnsend***************** HKU\S-1-5-21-3679276584-3606042885-2229931398-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully."HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully."HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key deleted successfully."HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => Key not found."HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully."HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found."HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully."HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.C:\Program Files\AVG Secure Search => Moved successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{837CC356-411E-4654-B2A2-ECA1F037979F} => value deleted successfully."HKCR\CLSID\{837CC356-411E-4654-B2A2-ECA1F037979F}" => Key not found.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{837CC356-411E-4654-B2A2-ECA1F037979F} => value deleted successfully."HKCR\CLSID\{837CC356-411E-4654-B2A2-ECA1F037979F}" => Key not found."HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully."HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found."HKCR\PROTOCOLS\Handler\viprotocol" => Key deleted successfully."HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully.C:\Program Files\Common Files\AVG Secure Search => Moved successfully.C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml => Moved successfully.C:\Users\JUDY\AppData\Roaming\Mozilla\Firefox\Profiles\h8qyudtn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => Moved successfully.HKLM\Software\Mozilla\Firefox\Extensions\\avg@toolbar => value deleted successfully.C:\ProgramData\AVG Secure Search => Moved successfully.C:\ProgramData\AVG Secure Search\11.1.0.12 => not found."HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll not found.C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => Moved successfully.vToolbarUpdater11.2.0 => Service deleted successfully.C:\Users\JUDY\Desktop\install_flashplayer15x32au_ltr5x32d_awc_aih.exe => Moved successfully.bdgw => Service deleted successfully.FileDisk => Service deleted successfully.kdcmo => Service deleted successfully.tqqe => Service deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46BCAA68-631E-4472-88AA-CD63784E78D4}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46BCAA68-631E-4472-88AA-CD63784E78D4}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D099DA58-58F1-493F-ACC4-4A3D663E8A8B}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D099DA58-58F1-493F-ACC4-4A3D663E8A8B}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Update Check - 0x127402C5" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully."HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully. ========================= Folder: C:\Users\JUDY\AppData\Local\{A323528A-2121-4BB8-B742-20C0B4681180} ======================== ====== End of Folder: ====== ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
LiquidTension Posted November 5, 2014 ID:902827 Share Posted November 5, 2014 Good job. Please work your way through the following, and let me know how you get on. STEP 1 Revo UninstallerPlease download and install Revo Uninstaller Free.Double-click Revo Uninstaller to run the programme. From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.Snap.DoUpdate Manager for SweetPacks 1.1Web Assistant 2.0.0.445 Double-click the programme. When prompted if you want to uninstall click Yes.Ensure the Moderate option is selected and click Next.The programme uninstaller will run. If prompted again click Yes.Work your way through the uninstaller, ensuring you read each page thoroughly.Note: Ensure you decline offers of additional software if applicable. Once the built-in uninstaller is finished click Next.Once the programme has searched for leftovers click Next.Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.When prompted click Yes, followed by Next.Click Select all, followed by Delete.When prompted click Yes, followed by Next.Once done click Finish. STEP 2 AdwCleanerPlease download AdwCleaner and save the file to your Desktop.Right-Click AdwCleaner.exe and select Run as administrator to run the programme.Follow the prompts. Click Scan. Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. Ensure anything you know to be legitimate does not have a checkmark, and click Clean. Follow the prompts and allow your computer to reboot. After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt. STEP 3 Junkware Removal Tool (JRT)Please download Junkware Removal Tool and save the file to your Desktop.Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.Temporarily disable your anti-virus software. For instructions, please refer to the following link.Right-Click JRT.exe and select Run as administrator to run the programme.Follow the prompts and allow the scan to run uninterrupted. Upon completion, a log (JRT.txt) will open on your desktop.Re-enable your anti-virus software.Copy the contents of JRT.txt and paste in your next reply. STEP 4 Farbar Recovery Scan Tool (FRST) Scan(!) Load each profile before running the scan. Right-Click FRST.exe and select Run as administrator to run the programme.Click Yes to the disclaimer.Ensure the Addition.txt box is checked.Click the Scan button and let the programme run.Upon completion, click OK, then OK on the Addition.txt pop up screen.Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. ======================================================STEP 5 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.Did the programmes uninstall OK?AdwCleaner[s0].txtJRT.txtFRST.txtAddition.txt Link to post Share on other sites More sharing options...
tasnan49 Posted November 5, 2014 Author ID:902862 Share Posted November 5, 2014 Hi Adam: Snap.Do Could not find file, neither could IUpdate Manager for SweetPacks 1.1 Could not find file, neither could I . I had tried previously to uinstall this via Control Panel and could notWeb Assistant 2.0.0.445 Removed complletelyAlso removed the Video Convertor which was still there!removed AvSynth 2.5# AdwCleaner v3.311 - Report created 05/11/2014 at 16:30:27# Updated 30/09/2014 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (32 bits)# Username : JUDY - JUDY-PC# Running from : C:\Users\JUDY\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** [#] Service Deleted : vToolbarUpdater11.2.0 ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\SweetIMFolder Deleted : C:\Users\JUDY\AppData\Local\AVG Secure SearchFolder Deleted : C:\Users\JUDY\AppData\Local\PackageAwareFolder Deleted : C:\Users\JUDY\AppData\LocalLow\AVG Secure SearchFolder Deleted : C:\Users\JUDY\AppData\LocalLow\ConduitFolder Deleted : C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmnaFile Deleted : C:\Users\JUDY\AppData\Roaming\Mozilla\Firefox\Profiles\h8qyudtn.default\user.jsFile Deleted : C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorageFile Deleted : C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** Shortcut Disinfected : C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games\Uninstall.lnk ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPIKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObjKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kodak-easyshare_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kodak-easyshare_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\AVG Secure SearchKey Deleted : HKCU\Software\IGearSettingsKey Deleted : HKCU\Software\IMKey Deleted : HKCU\Software\ImInstallerKey Deleted : HKCU\Software\WebplayerKey Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKLM\SOFTWARE\AVG Secure SearchKey Deleted : HKLM\SOFTWARE\ConduitKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556AKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228EKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADBKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7CKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2BKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992CKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199DKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50BKey Deleted : HKLM\SOFTWARE\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50BKey Deleted : HKLM\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50BKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v32.0.3 (x86 en-GB) [ File : C:\Users\JUDY\AppData\Roaming\Mozilla\Firefox\Profiles\h8qyudtn.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [10404 octets] - [05/11/2014 16:28:02]AdwCleaner[s0].txt - [10487 octets] - [05/11/2014 16:30:27] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10548 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.3.5 (10.31.2014:1)OS: Windows 7 Professional x86Ran by JUDY on Wed 05/11/2014 at 16:49:18.70~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{8D4C5E4E-A671-4BA6-BD19-242FA44214C6}Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{A323528A-2121-4BB8-B742-20C0B4681180}Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{C485D0C4-DAC5-4419-99E3-6D3A870FB7F4}Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{CC4C4E79-F2A3-4CE1-83E7-F48E537514A5}Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{E20FAF53-5EDD-4581-AA5D-21064EA12770}Successfully deleted: [Empty Folder] C:\Users\JUDY\appdata\local\{EF68F226-9C3F-4349-98CF-53AA638B67D6} ~~~ FireFox Successfully deleted: [File] C:\user.jsEmptied folder: C:\Users\JUDY\AppData\Roaming\mozilla\firefox\profiles\h8qyudtn.default\minidumps [28 files] ~~~ Chrome Successfully deleted: [Folder] C:\Users\JUDY\appdata\local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmnaSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 05/11/2014 at 16:53:25.82End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ LastRegBack: 2014-11-05 00:12 ==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014Ran by JUDY at 2014-11-05 17:00:26Running from C:\Users\JUDY\Dropbox\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) HiddenAdobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AUSkey software 1.4.4 (HKLM\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)CameraHelperMsi (Version: 13.31.1038.0 - Logitech) HiddenCashbook Complete (HKLM\...\Cashbook Complete) (Version: - )CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenConnect (Version: 1.0.0.1 - Adobe Systems Incorporated) HiddenD3DX10 (Version: 15.4.2368.0902 - Microsoft) HiddenDHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)Dropbox (HKCU\...\Dropbox) (Version: 2.11.33 - Dropbox, Inc.)EasyRotator Wizard (HKLM\...\com.dwuser.erwizard.EasyRotatorWizard) (Version: 1.0.124 - Magnetic Marketing Corp)EasyRotator Wizard (Version: 1.0.124 - Magnetic Marketing Corp) HiddeneM Client (HKLM\...\{8A33684C-A2EF-4A49-A4A9-BD6EF80EC12A}) (Version: 6.0.21040.0 - eM Client Inc.)erLT (Version: 1.20.138.34 - Logitech, Inc.) HiddenESSBrwr (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenESSCDBK (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESScore (Version: 7.00.0000.0008 - EASTMAN KODAK Company) HiddenESSgui (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESSini (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenESSPCD (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) HiddenESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) HiddenESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hiddenessvatgt (Version: 7.00.0000.0002 - EASTMAN KODAK Company) Hiddene-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)Fences 2 (HKLM\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) HiddenFileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)Fotosizer 2.08 (HKLM\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)GanttProject (HKLM\...\GanttProject) (Version: - )GIMP 2.6.12-2 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (Version: 1.3.22.3 - Google Inc.) HiddenHP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)iCloud (HKLM\...\{AC6EE263-E4DD-4150-9014-689B1D4A3315}) (Version: 4.0.5.20 - Apple Inc.)ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)Internode Monthly Usage Meter 8.2a (HKLM\...\Internode Monthly Usage Meter_is1) (Version: - )iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) HiddenKobo (HKLM\...\Kobo) (Version: 3.0.4 - Kobo Inc.)Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)Korean Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)kuler (Version: 2.0 - Adobe Systems Incorporated) HiddenLogitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)Lyrics Plugin for Windows Media Player (HKLM\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)MariusSoft Bulk Image Resizer (HKLM\...\{DE563E12-A92C-4547-A3E4-D93D744164D7}) (Version: 1.0.0 - MariusSoft LLC)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)MSVCRT (Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)netbrdg (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenOfotoXMI (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenOpera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)OverDrive Media Console (HKLM\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)PASSAGE 3 (English version) (HKLM\...\P3E) (Version: - )Password Generator (remove only) (HKCU\...\Password Generator) (Version: - WinCatalog.com)PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) HiddenPhotoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) HiddenPixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) HiddenProject Viewer 2010 SP1 (HKLM\...\{E0993C3B-5CCB-4160-A9CE-86604DAC20BE}) (Version: 17.3.0 - Viewer Central)PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) HiddenSHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hiddenskin0001 (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenSKINXSDK (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenSnap.Do (HKLM\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTIONstaticcr (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenSuite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) HiddenTeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)tooltips (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)VPRINTOL (Version: 7.00.0000.0001 - EASTMAN KODAK Company) HiddenWD SmartWare (HKLM\...\{A6813E19-244A-476E-8AE5-A1176739EEE5}) (Version: 1.6.0.25 - Western Digital)Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)WIRELESS (Version: 7.00.0000.0002 - EASTMAN KODAK Company) HiddenWOW Slider (HKLM\...\WOW Slider_is1) (Version: - )XAMPP 1.7.7 (HKLM\...\xampp) (Version: - )Yahoo!7 Messenger (HKLM\...\Yahoo!7 Messenger) (Version: - Yahoo! Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CA0-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{20C62CAB-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\InprocServer32 -> C:\Windows\system32\sysinfo.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D0-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BB1AE0D1-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\Windows\system32\msmapi32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JUDY\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JUDY\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\removevirus\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No FileCustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-3679276584-3606042885-2229931398-1003_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.) ==================== Restore Points ========================= 01-11-2014 20:19:35 Windows Backup03-11-2014 22:38:47 ComboFix created restore point04-11-2014 11:19:46 Windows Update05-11-2014 05:01:24 Revo Uninstaller Pro's restore point - Snap.Do05-11-2014 05:06:43 Revo Uninstaller Pro's restore point - Yahoo! Software Update05-11-2014 05:08:52 Revo Uninstaller Pro's restore point - Update Manager for SweetPacks 1.105-11-2014 05:10:47 Revo Uninstaller Pro's restore point - Web Assistant 2.0.0.44505-11-2014 05:15:27 Revo Uninstaller Pro's restore point - Videora iPod Converter 605-11-2014 05:17:30 Revo Uninstaller Pro's restore point - AviSynth 2.505-11-2014 05:21:21 Revo Uninstaller Pro's restore point - YouTube Downloader App 3.00 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 21:23 - 2014-11-04 09:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbsTask: {21F2886D-9563-41E3-B8C5-95BDB221CDC5} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()Task: {3674A452-9074-4D18-87C3-FC55398DB483} - System32\Tasks\HP AR Program Upload - 9bcc7fd55bd04f98b9848c21cb4fee10f8d5d3240f3c44208ada20b20a7f0d85 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {386DF063-9C35-431D-8683-E9DAE84E9651} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-14] ()Task: {391BB1EF-867C-4839-9B8C-396910A5E44D} - System32\Tasks\HP AR Program Upload - 6f2b85e691014a32b2dbda37ff2ee6c4a392746e39ef41818d4e9e816a03fa2d => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbsTask: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {745039D9-7BF1-41E3-97D2-5B60E330E2DB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exeTask: {75E37D6C-CBC4-493F-B1B7-483D95D6B643} - System32\Tasks\HP AR Program Upload - 6a1b909d73cf47668c635d1b70c737f0df200fce71c9499d8fe5fa4d11bad297 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {7C2A209A-4AFB-4724-B6CD-66C82A14B26D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {9A8E8E42-C684-45C0-9DCD-FF01AAC4010E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)Task: {BDF21EC8-095B-4549-A19E-81B537B27472} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-03] (Adobe Systems Incorporated)Task: {BF0BDD64-C447-4609-A36B-1B1CA457F183} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)Task: {CD262629-5463-42A9-8239-3C2F3552F4DB} - System32\Tasks\HP AR Program Upload - af41b27368bd45959bdc19a601e84794810127de4b2249b3be3a20b59b9b1845 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {D0604AD8-A356-494A-B4B5-97352F740746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)Task: {D947123D-86E4-49CF-8F49-F98144E956F7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {F0AA8786-B93A-4845-B679-48E9B7228712} - System32\Tasks\eM Client Database Backup => C:\Program Files\eM Client\DbBackup.exe [2014-10-16] ()Task: {F1A343BC-AB6D-4640-A1C3-BBB4ACE7B2E9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exeTask: {F56D68F0-0162-4134-B52C-68906D1D09B3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeTask: {FC9F2ABD-785C-4736-B580-7F629C05BDAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job => C:\Users\JUDY\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeTask: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2012-04-26 12:45 - 2001-07-26 16:17 - 00692224 _____ () C:\Program Files\Internode\libeay32.dll2012-04-26 12:45 - 2001-07-26 16:18 - 00151552 _____ () C:\Program Files\Internode\ssleay32.dll2013-12-03 00:29 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll2013-12-03 00:28 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files\Yahoo!\Messenger\pcre.dll2014-10-21 16:16 - 2014-10-21 16:16 - 00750080 _____ () C:\Users\JUDY\AppData\Roaming\Dropbox\bin\libGLESv2.dll2014-11-05 16:42 - 2014-11-05 16:42 - 00043008 _____ () c:\users\judy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvl3qsy.dll2014-10-21 16:16 - 2014-10-21 16:16 - 00047616 _____ () C:\Users\JUDY\AppData\Roaming\Dropbox\bin\libEGL.dll2014-10-21 16:16 - 2014-10-21 16:16 - 00863744 _____ () C:\Users\JUDY\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll2014-10-21 16:16 - 2014-10-21 16:16 - 00200704 _____ () C:\Users\JUDY\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll2014-09-07 03:44 - 2014-09-07 03:44 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll2014-05-25 03:41 - 2014-05-25 03:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll2014-05-25 03:41 - 2014-05-25 03:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll2012-04-21 15:00 - 2009-11-16 21:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll2014-10-30 00:29 - 2014-10-22 15:04 - 01042760 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll2014-10-30 00:29 - 2014-10-22 15:04 - 00211272 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll2014-10-30 00:29 - 2014-10-22 15:04 - 08910664 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll2014-10-30 00:29 - 2014-10-22 15:04 - 01681224 _____ () C:\Users\JUDY\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll2014-11-03 14:51 - 2014-11-03 14:51 - 16832176 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: vseamps => 2MSCONFIG\Services: vsedsps => 2MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3679276584-3606042885-2229931398-500 - Administrator - Disabled)Graham (S-1-5-21-3679276584-3606042885-2229931398-1007 - Administrator - Enabled) => C:\Users\GrahamGuest (S-1-5-21-3679276584-3606042885-2229931398-501 - Limited - Enabled)HomeGroupUser$ (S-1-5-21-3679276584-3606042885-2229931398-1005 - Limited - Enabled)JUDY (S-1-5-21-3679276584-3606042885-2229931398-1000 - Administrator - Enabled) => C:\Users\JUDYPublic (S-1-5-21-3679276584-3606042885-2229931398-1006 - Limited - Enabled)removevirus (S-1-5-21-3679276584-3606042885-2229931398-1003 - Administrator - Enabled) => C:\Users\removevirus ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:================== System errors:=============Error: (11/05/2014 04:59:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (11/05/2014 04:58:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (11/05/2014 04:58:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (11/05/2014 04:57:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error: %%1058 Error: (11/05/2014 04:57:26 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73} Microsoft Office Sessions:=========================Error: (02/20/2013 10:50:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/20/2013 10:32:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 884 seconds with 480 seconds of active time. This session ended with a crash. Error: (09/20/2012 11:39:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2836 seconds with 1380 seconds of active time. This session ended with a crash. CodeIntegrity Errors:=================================== Date: 2013-04-11 12:50:08.371 Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro.exe because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.523 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:08:27.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.404 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.404 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.388 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2012-04-20 19:04:49.388 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHzPercentage of memory in use: 55%Total physical RAM: 3326.18 MBAvailable physical RAM: 1496.67 MBTotal Pagefile: 6650.64 MBAvailable Pagefile: 4411.16 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1906.73 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.01 GB) (Free:63.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (Steamfest 2014) (CDROM) (Total:1.1 GB) (Free:0 GB) UDFDrive e: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 166E37A8)Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
LiquidTension Posted November 5, 2014 ID:902880 Share Posted November 5, 2014 Hi Judy, Please post the contents of FRST.txt as well. Link to post Share on other sites More sharing options...
tasnan49 Posted November 5, 2014 Author ID:902931 Share Posted November 5, 2014 Sorry here it isScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014Ran by JUDY (administrator) on JUDY-PC on 05-11-2014 20:44:42Running from C:\Users\JUDY\Dropbox\DesktopLoaded Profiles: JUDY & removevirus & Graham (Available profiles: JUDY & removevirus & Graham)Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: "https://www.google.com.au/webhp?" CHR Profile: C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-04]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]CHR Extension: (Web Developer) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2012-04-20]CHR Extension: (ColorZilla) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2012-11-17]CHR Extension: (YouTube) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20]CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2012-04-20]CHR Extension: (QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cicimfkkbejhggfjaabggafffgdnjgjp [2012-08-29]CHR Extension: (Google Search) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20]CHR Extension: (20-20 3D Viewer for Virtual Studio) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc [2014-01-11]CHR Extension: (Lorem Ipsum Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpfoncmmihgkooacnplecaopcefceam [2012-08-29]CHR Extension: (Google Earth The Instant Way) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpifhlbldgbpgcgpcmiakanpghoddbme [2012-05-12]CHR Extension: (The QR Code Generator) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2012-08-29]CHR Extension: (Pin It Button) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-24]CHR Extension: (ManageWP) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfehlfmidmihiohmobbfnbpgkckijbjj [2012-08-06]CHR Extension: (HTML5 Web Development IDE) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheidghjolippfddjfloeinafjkcgcic [2012-11-17]CHR Extension: (Google Maps) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-05-12]CHR Extension: (Google Wallet) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]CHR Extension: (SEO for Chrome) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2012-04-20]CHR Extension: (Gmail) - C:\Users\JUDY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20]CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JUDY\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-04]CHR StartMenuInternet: Google Chrome - C:\Users\JUDY\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)S4 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )S4 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)S3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.)R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-05] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28256 2014-08-13] (EldoS Corporation)R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-01-15] ()S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]S3 catchme; \??\C:\Users\JUDY\AppData\Local\Temp\catchme.sys [X]S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [X]S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 19:56 - 2014-11-05 19:56 - 00045719 _____ () C:\Users\JUDY\.recently-used.xbel2014-11-05 19:37 - 2014-11-05 19:37 - 00000162 ____H () C:\Users\JUDY\Desktop\~$010336027.dotx2014-11-05 16:57 - 2014-11-05 16:57 - 00000000 ____D () C:\Users\removevirus\AppData\Local\VS Revo Group2014-11-05 16:53 - 2014-11-05 16:53 - 00001922 _____ () C:\Users\JUDY\Desktop\JRT.txt2014-11-05 16:49 - 2014-11-05 16:49 - 00000000 ____D () C:\Windows\ERUNT2014-11-05 16:46 - 2014-11-05 16:46 - 01706359 _____ (Thisisu) C:\Users\JUDY\Desktop\JRT.exe2014-11-05 16:27 - 2014-11-05 16:30 - 00000000 ____D () C:\AdwCleaner2014-11-05 16:25 - 2014-11-05 16:26 - 01375089 _____ () C:\Users\JUDY\Desktop\AdwCleaner.exe2014-11-05 15:59 - 2014-11-05 15:59 - 00001234 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk2014-11-05 15:59 - 2014-11-05 15:59 - 00000000 ____D () C:\Users\JUDY\AppData\Local\VS Revo Group2014-11-05 15:59 - 2014-11-05 15:59 - 00000000 ____D () C:\ProgramData\VS Revo Group2014-11-05 15:59 - 2014-11-05 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro2014-11-05 15:59 - 2014-11-05 15:59 - 00000000 ____D () C:\Program Files\VS Revo Group2014-11-05 15:59 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys2014-11-05 15:57 - 2014-11-05 15:57 - 10691640 _____ (VS Revo Group ) C:\Users\JUDY\Desktop\RevoUninProSetup.exe2014-11-05 15:57 - 2014-11-05 15:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\JUDY\Desktop\revosetup.exe2014-11-05 08:18 - 2014-11-05 08:18 - 00871527 _____ () C:\Users\JUDY\Desktop\graphicriver-263359-four-coffee-design-templates.zip2014-11-05 08:15 - 2014-11-05 08:15 - 02338942 _____ () C:\Users\JUDY\Desktop\codecanyon-7127218-book-a-place-pro-wordpress-plugin.zip2014-11-05 08:15 - 2014-11-05 08:15 - 02338942 _____ () C:\Users\JUDY\Desktop\codecanyon-7127218-book-a-place-pro-wordpress-plugin (1).zip2014-11-04 18:57 - 2014-11-04 18:57 - 06126536 _____ (Tim Kosse) C:\Users\JUDY\Downloads\FileZilla_3.9.0.6_win32-setup.exe2014-11-04 15:03 - 2014-11-04 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-11-04 15:01 - 2014-11-04 15:01 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-11-04 15:01 - 2014-11-04 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-11-04 15:00 - 2014-11-04 15:01 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB2014-11-04 15:00 - 2014-11-04 15:00 - 00000000 ____D () C:\Program Files\iPod2014-11-04 11:12 - 2014-11-04 13:26 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics2014-11-04 10:14 - 2014-11-04 10:14 - 00000000 ____D () C:\Users\removevirus\AppData\Local\Google2014-11-04 10:07 - 2014-11-04 10:07 - 00019827 _____ () C:\ComboFix.txt2014-11-04 09:19 - 2014-11-04 09:19 - 05591672 _____ (Swearware) C:\Users\JUDY\Desktop\ComboFix.exe2014-11-03 14:51 - 2014-11-05 20:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-03 14:51 - 2014-11-03 14:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2014-11-03 14:51 - 2014-11-03 14:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2014-10-30 19:11 - 2010-11-20 23:21 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll2014-10-30 11:11 - 2014-11-05 20:44 - 00000000 ____D () C:\FRST2014-10-30 01:46 - 2014-10-30 01:46 - 00000097 _____ () C:\Users\JUDY\Desktop\FRST.txt2014-10-30 00:55 - 2014-10-30 00:56 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\JUDY\Desktop\tdsskiller.exe2014-10-30 00:54 - 2014-10-30 01:46 - 00044517 _____ () C:\Users\JUDY\Desktop\Addition.txt2014-10-30 00:49 - 2014-10-30 00:49 - 01105408 _____ (Farbar) C:\Users\JUDY\Desktop\FRST.exe2014-10-29 19:19 - 2014-10-29 19:24 - 00000000 ____D () C:\.Trash-9992014-10-28 19:02 - 2014-11-05 16:30 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games2014-10-26 15:24 - 2014-10-26 15:26 - 25491968 _____ () C:\Users\JUDY\Desktop\Steamfest 2014 - Exhibits & Stall Holders (Mick Smith's conflicted copy 2014-03-05).xls2014-10-15 18:27 - 2014-06-27 12:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2014-10-15 17:51 - 2014-09-18 12:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-15 17:51 - 2014-06-25 12:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-10-15 17:51 - 2014-06-24 13:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-10-15 17:50 - 2014-09-25 12:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-10-15 17:50 - 2014-09-05 12:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-15 17:50 - 2014-08-01 22:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL2014-10-15 17:50 - 2014-07-09 12:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL2014-10-15 17:50 - 2014-07-09 09:30 - 00419992 _____ () C:\Windows\system32\locale.nls2014-10-15 17:49 - 2014-09-10 08:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-10-15 17:35 - 2014-09-29 11:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-15 17:32 - 2014-09-04 16:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-15 17:31 - 2014-07-17 12:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-15 17:31 - 2014-07-17 12:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-15 17:31 - 2014-07-17 12:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-15 17:31 - 2014-07-17 12:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-15 17:31 - 2014-07-17 12:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-15 17:31 - 2014-07-17 12:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-15 17:30 - 2014-07-17 12:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-15 17:30 - 2014-07-17 12:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-15 17:29 - 2014-10-07 13:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-15 17:29 - 2014-09-26 09:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-15 17:29 - 2014-09-26 09:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-15 17:29 - 2014-09-26 09:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-15 17:29 - 2014-09-26 09:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-15 17:29 - 2014-09-26 09:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-15 17:29 - 2014-09-19 12:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-15 17:29 - 2014-09-19 12:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-15 17:29 - 2014-09-19 12:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-15 17:29 - 2014-09-19 12:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-15 17:29 - 2014-09-19 12:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-15 17:29 - 2014-09-19 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-15 17:29 - 2014-09-19 12:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-15 17:29 - 2014-09-19 11:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-15 17:29 - 2014-09-19 11:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-15 17:29 - 2014-09-19 11:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-15 17:29 - 2014-09-19 11:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-15 17:29 - 2014-09-19 11:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-15 17:29 - 2014-09-19 11:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-15 17:29 - 2014-09-19 11:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-15 17:29 - 2014-09-19 11:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-15 17:29 - 2014-09-19 11:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-15 17:29 - 2014-09-19 11:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-15 17:29 - 2014-09-19 11:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-15 17:29 - 2014-09-19 11:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-15 17:29 - 2014-09-19 11:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-15 17:29 - 2014-09-19 11:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-15 17:29 - 2014-09-19 10:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-15 17:29 - 2014-09-19 10:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-15 17:29 - 2014-09-19 10:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-15 17:29 - 2014-06-19 09:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-15 17:29 - 2014-06-19 09:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-15 17:29 - 2014-06-19 09:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-15 17:28 - 2014-09-13 12:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-15 17:28 - 2014-08-29 12:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2014-10-15 17:27 - 2014-07-07 12:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2014-10-15 17:27 - 2014-07-07 12:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2014-10-15 17:27 - 2014-07-07 12:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2014-10-15 17:27 - 2014-07-07 12:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2014-10-15 17:27 - 2014-07-07 12:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe2014-10-15 17:27 - 2014-07-07 12:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-10-15 17:27 - 2014-07-07 12:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys2014-10-15 17:27 - 2014-06-28 11:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe2014-10-15 17:27 - 2014-06-28 11:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe2014-10-15 17:27 - 2014-06-28 11:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll2014-10-15 17:26 - 2014-08-19 13:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll2014-10-15 17:26 - 2014-08-19 13:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll2014-10-15 17:26 - 2014-08-19 13:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll2014-10-15 17:26 - 2014-08-19 13:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe2014-10-15 17:26 - 2014-08-19 13:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe2014-10-15 17:26 - 2014-08-19 12:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys2014-10-15 17:26 - 2014-07-07 12:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2014-10-15 17:26 - 2014-07-07 12:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2014-10-15 17:26 - 2014-07-07 12:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2014-10-15 17:26 - 2014-07-07 12:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2014-10-15 17:26 - 2014-07-07 12:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe2014-10-15 17:26 - 2014-07-07 12:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2014-10-15 17:26 - 2014-07-07 12:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2014-10-15 17:26 - 2014-07-07 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2014-10-14 18:30 - 2014-10-14 18:30 - 00474271 _____ () C:\Users\JUDY\Desktop\Dimensions.xlsx2014-10-13 13:25 - 2014-10-30 00:15 - 00000408 _____ () C:\Windows\system32\iolo.ini2014-10-13 13:10 - 2014-10-13 13:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-10-10 09:02 - 2014-10-10 09:02 - 00007435 _____ () C:\Users\JUDY\Desktop\2014-June.txt.gz2014-10-09 20:33 - 2014-10-09 20:33 - 00000000 ____D () C:\Users\JUDY\Desktop\2014+TasTourismAwards+Finalist+Logos2014-10-09 13:35 - 2014-10-09 13:35 - 00000064 _____ () C:\Users\JUDY\Desktop\Steamfest call tracker.laccdb2014-10-07 14:44 - 2014-10-07 14:44 - 00000000 ____D () C:\Users\JUDY\NZBDriveCache2014-10-07 14:37 - 2014-10-07 14:37 - 00000000 ____D () C:\Users\JUDY\AppData\Local\ByteFountain2014-10-07 14:35 - 2014-10-07 15:00 - 00000000 ____D () C:\Program Files\NZBDrive2014-10-07 14:35 - 2014-01-08 23:34 - 00051712 _____ () C:\Windows\system32\dokanx.dll2014-10-07 14:27 - 2014-10-07 14:28 - 05194104 _____ (ByteFountain ) C:\Users\JUDY\Desktop\nzbdrive-setup-1.1.1-win.exe2014-10-06 16:42 - 2014-10-06 16:43 - 00000000 ____D () C:\Users\JUDY\Desktop\TOSHIBA ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 20:28 - 2012-04-20 22:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000UA.job2014-11-05 20:01 - 2012-04-21 14:45 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\FileZilla2014-11-05 19:56 - 2014-09-17 18:04 - 00000000 ____D () C:\Users\JUDY\.gimp-2.62014-11-05 19:56 - 2012-04-20 20:30 - 00000000 ____D () C:\Users\JUDY2014-11-05 19:19 - 2014-07-07 23:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-11-05 17:35 - 2012-04-21 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client2014-11-05 17:35 - 2012-04-21 14:44 - 00000000 ____D () C:\Program Files\FileZilla FTP Client2014-11-05 17:34 - 2012-06-11 00:49 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\eM Client2014-11-05 16:56 - 2013-12-08 22:31 - 00000478 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job2014-11-05 16:56 - 2013-12-08 22:31 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job2014-11-05 16:50 - 2012-04-20 20:36 - 01799370 _____ () C:\Windows\WindowsUpdate.log2014-11-05 16:44 - 2012-05-09 17:30 - 00000000 ___RD () C:\Users\JUDY\Dropbox2014-11-05 16:43 - 2012-05-09 16:35 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Dropbox2014-11-05 16:40 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-11-05 16:40 - 2012-04-20 20:29 - 00010080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-11-05 16:33 - 2014-09-27 22:25 - 00075453 _____ () C:\Windows\setupact.log2014-11-05 16:33 - 2009-07-14 15:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-05 16:32 - 2012-04-20 20:33 - 02524592 _____ () C:\Windows\PFRO.log2014-11-05 16:07 - 2013-12-03 00:29 - 00000000 ____D () C:\ProgramData\Yahoo!2014-11-05 16:07 - 2012-04-21 14:01 - 00000000 ____D () C:\Program Files\Yahoo!2014-11-05 16:02 - 2013-07-08 18:15 - 00016896 ___SH () C:\Users\JUDY\Thumbs.db2014-11-05 15:29 - 2009-07-14 15:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2014-11-05 05:28 - 2012-04-20 22:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679276584-3606042885-2229931398-1000Core.job2014-11-05 01:42 - 2012-12-20 11:11 - 00000000 ____D () C:\Users\JUDY\Documents\eM Client2014-11-04 15:43 - 2012-04-22 19:52 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\gtk-2.02014-11-04 15:01 - 2013-10-18 16:49 - 00000000 ____D () C:\Program Files\iTunes2014-11-04 15:00 - 2014-08-15 15:59 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-11-04 15:00 - 2012-08-27 22:56 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-11-04 13:32 - 2012-04-20 20:43 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-04 10:15 - 2013-03-26 21:58 - 00116576 _____ () C:\Users\removevirus\AppData\Local\GDIPFONTCACHEV1.DAT2014-11-04 10:07 - 2014-01-22 22:44 - 00000000 ____D () C:\Qoobox2014-11-04 09:58 - 2009-07-14 13:04 - 00000215 _____ () C:\Windows\system.ini2014-11-04 09:56 - 2014-01-22 22:43 - 00000000 ____D () C:\Windows\erdnt2014-11-04 09:37 - 2012-04-21 13:59 - 00000000 ____D () C:\Users\JUDY\Documents\INSTALLS TO KEEP2014-11-03 20:14 - 2014-09-29 10:51 - 01802240 _____ () C:\Users\JUDY\Documents\RWCSHS.accdb2014-11-03 14:59 - 2012-04-20 22:50 - 00000000 ____D () C:\Users\JUDY\AppData\Local\Adobe2014-11-01 05:20 - 2013-10-24 09:54 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-10-30 12:34 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\LogFiles2014-10-30 12:16 - 2013-07-04 01:39 - 00000000 ____D () C:\Program Files\etax20132014-10-30 09:11 - 2012-04-21 14:19 - 00000000 ____D () C:\Users\JUDY\Documents\WEB DESIGN TOOLS2014-10-30 07:52 - 2014-07-10 11:11 - 00000000 ____D () C:\Users\Graham2014-10-30 07:52 - 2013-03-26 21:57 - 00000000 ____D () C:\Users\removevirus2014-10-30 07:52 - 2012-04-21 15:00 - 00000000 ____D () C:\Program Files\PSPad editor2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\system32\wfp2014-10-30 07:52 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\registration2014-10-30 03:24 - 2012-05-20 01:17 - 00000000 ____D () C:\Users\JUDY\AppData\Local\Western_Digital2014-10-30 00:15 - 2012-04-20 23:18 - 00000392 _____ () C:\Windows\system32\iolo.ini.txt2014-10-28 06:35 - 2012-04-20 21:13 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-10-27 18:39 - 2012-04-21 15:44 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup2014-10-24 17:19 - 2012-04-21 13:45 - 00000000 ____D () C:\Users\JUDY\Documents\Cashbook Data2014-10-24 17:19 - 2012-04-21 13:44 - 00000000 ____D () C:\ProgramData\Cashbook Complete2014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Users\JUDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 20142014-10-23 11:57 - 2014-07-13 19:34 - 00000000 ____D () C:\Program Files\etax20142014-10-21 16:07 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\PLA2014-10-17 10:04 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\Microsoft.NET2014-10-17 09:56 - 2012-06-11 00:48 - 00000924 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk2014-10-17 09:56 - 2012-06-11 00:48 - 00000000 ____D () C:\Program Files\eM Client2014-10-15 20:08 - 2009-07-14 13:37 - 00000000 ____D () C:\Windows\rescache2014-10-15 19:26 - 2014-07-07 22:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-10-15 19:26 - 2009-07-14 15:33 - 02355440 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-15 18:32 - 2012-04-21 21:43 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-15 18:23 - 2013-08-15 04:06 - 00000000 ____D () C:\Windows\system32\MRT2014-10-15 18:08 - 2012-04-22 10:17 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-15 14:22 - 2012-09-03 12:47 - 00000000 ____D () C:\Users\JUDY\Documents\My Kindle Content2014-10-14 08:54 - 2014-07-07 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe2014-10-13 13:10 - 2012-04-20 22:22 - 00000000 ____D () C:\Program Files\Adobe2014-10-10 18:43 - 2013-02-23 13:54 - 00000000 ___SD () C:\Users\JUDY\Documents\My Data Sources Some content of TEMP:====================C:\Users\JUDY\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvl3qsy.dllC:\Users\JUDY\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 00:12 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
LiquidTension Posted November 5, 2014 ID:903165 Share Posted November 5, 2014 Hi Judy, Please do the following. STEP 1 Uninstall SoftwarePress the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.Search for the following programmes, right-click and click Uninstall.Note: Ensure you decline offers of additional software if applicable.Snap.DoFollow the prompts.Reboot if necessary. STEP 2 SystemLookPlease download SystemLook (x32) and save the file to your Desktop.Right-Click SystemLook.exe and select Run as administrator to run the programme.Copy the entire contents of the codebox below and paste into the textfield.:filefind*Snap.Do**ReSoft**SweetPacks* *SweetIM*:folderfind*Snap.Do**ReSoft**SweetPacks* *SweetIM*:regfindSnap.DoReSoftSweetPacks SweetIMClick the button to start the scan.Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.Click the button. ====================================================== STEP 3 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.Could you uninstall Snap.Do?SystemLook.txt Link to post Share on other sites More sharing options...
tasnan49 Posted November 5, 2014 Author ID:903303 Share Posted November 5, 2014 Hi Adam first up, Malwarebytes is bringing up a window that says it is unable to load the Anti-Rootkill DDA Driver, this may be caused by rootkit activity, and do I want to reboot to re install the driver? I have rebooted twice so far in response. Is this due to what we are doing on the pc or something else? Cannot uninstall Snap Do - it is on a network resource that is unavailable. It occurred to me it could be on the backup on my external HDD device (though how that would apply I didn't see) so I deleted the backup altogether and rebooted, still with the HDD connected. Unlocked the HDD and checked and the folder is gone. But it is still sitting there in my control panel!! I did this before I ran SystemLook.exe ystemLook 30.07.11 by jpshortstuffLog created at 09:05 on 06/11/2014 by JUDYAdministrator - Elevation successful ========== filefind ========== Searching for "*Snap.Do*"No files found. Searching for "*ReSoft*"C:\ProgramData\Western Digital\WD SmartWare\SmartWareSoftwareUpdater.txt --a---- 580 bytes [02:15 13/06/2012] [02:18 13/06/2012] ECA7D5952DC0502210FB956860D42B13C:\Users\All Users\Western Digital\WD SmartWare\SmartWareSoftwareUpdater.txt --a---- 580 bytes [02:15 13/06/2012] [02:18 13/06/2012] ECA7D5952DC0502210FB956860D42B13 Searching for "*SweetPacks* "No files found. Searching for "*SweetIM*"No files found. ========== folderfind ========== Searching for "*Snap.Do*"No folders found. Searching for "*ReSoft*"No folders found. Searching for "*SweetPacks* "No folders found. Searching for "*SweetIM*"C:\AdwCleaner\Quarantine\C\ProgramData\SweetIM d------ [05:30 05/11/2014] ========== regfind ========== Searching for "Snap.Do"No data found. Searching for "ReSoft"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3679276584-3606042885-2229931398-1000\Products\9028C33F0E8E8C94D8E763C33D648C10\InstallProperties]"Publisher"="ReSoft Ltd."[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F33C8209-E8E0-49C8-8D7E-363CD346C801}]"Publisher"="ReSoft Ltd." Searching for "SweetPacks "No data found. Searching for "SweetIM"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]"C:\ProgramData\SweetIM\"="1"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]"C:\ProgramData\SweetIM\Communicator\"="1"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]"C:\ProgramData\SweetIM\Communicator\Logs\"="1"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]"C:\ProgramData\SweetIM\Communicator\conf\"=""[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{DC1F45BB-9CAB-465A-8F46-97307AEE465F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{BE95D885-9F7C-4D85-AE03-3D8998524789}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{DC1F45BB-9CAB-465A-8F46-97307AEE465F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{BE95D885-9F7C-4D85-AE03-3D8998524789}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{DC1F45BB-9CAB-465A-8F46-97307AEE465F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{BE95D885-9F7C-4D85-AE03-3D8998524789}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|" -= EOF =- Link to post Share on other sites More sharing options...
LiquidTension Posted November 6, 2014 ID:903351 Share Posted November 6, 2014 first up, Malwarebytes is bringing up a window that says it is unable to load the Anti-Rootkill DDA Driver, this may be caused by rootkit activity, and do I want to reboot to re install the driver? I have rebooted twice so far in response. Is this due to what we are doing on the pc or something else?This could be due to an issue with your MBAM installation, or the presence of a rootkit. We'll check for the latter now, and come back to Snap.Do later. STEP 1aswMBRPlease download aswMBR and save the file to your Desktop.Temporarily disable your anti-virus software. For instructions, please refer to the following link.Right-Click aswMBR.exe and select Run as administrator to run the programme.Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears.If you are prompted to enable the use of "Virtualization Technology", click Yes.Click the AV Scan: drop down box and click C:\.Click Scan.Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop.Re-enable your anti-virus software.Copy the contents of the log and paste in your next reply.Note: Do NOT click Fix or FixMBR.Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.STEP 2Malwarebytes Anti-Rootkit (MBAR)Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.Double-click MBAR.exe to run the installer.Select a convenient location to extract the contents and click OK. Navigate to the location you selected.Double-click MBAR.exe to run the programme.Right-Click MBAR.exe and select Run as administrator to run the programme.Follow the prompts to update the programme and scan your computer.Upon completion, click Cleanup and reboot your computer.After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.======================================================STEP 3LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.aswMBR logmbar-log.txtsystem-log.txt Link to post Share on other sites More sharing options...
Recommended Posts