Very slow, freezes, Windows Update will not update, 25 suspicious host


  • This topic is locked
79 replies to this topic

#1 NoNo

  • Authentic Member
  • 108 posts

Posted 06 June 2014 - 12:14 AM

Very slow, freezes, Windows Update will not update, 25 suspicious host files, Chrome always shuts down and redirects, IE won't work, 9 unknown files in Winsock LSP, PUP.Optional.Tarma.A
 
HP G70 Notebook
Intel Core 2 Duo CPU
32bit Op Sys
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Local Disk (C) 144 GB free of 287 GB
Recovery Disk (D) 1.28 GB free (!!!) of 10.9 GB
Microsoft Security Essentials
 
Hi-
The computer has been acting weird lately. Everything runs SO slow. I have run a few scans but did not do any repairs or any quarantines. I did a System Restore 3 days ago and the problems continue. In Feb 2014 I had received help from your site with the following problems: Possible malware/virus=Websearch. Searchnewtab, keyword Hijacker, safesaverBHO, searchwebs, statcounter, zedo. I changed my internet provider and didn't have service for a while, so I was unable to finish the troubleshooting. I'm still having issues as you can see below.  :wall:
 
1. MBam showed this in registry files: PUP.Optional.Tarma.
2. HijackThis showed 9 of these files:   Unknown file in Winsock LSP  c:\windows\system32\wpdsp.dll
 
3. Windows Update - When I check for updates, it does a 5sec check and comes back with a message saying: "Updates can't be installed while Windows is running so you should save your work, close any open programs, and then restart your computer to finish the update process." The computer will reboot and 10 sec later a notification pops up saying that I need to update. Nothing ever updates. The process repeats over and over.
The only Windows updates that show since 8/13/2013 are: Definition Update for Microsoft Security Essentials, which never used to show in Windows Updates! It shows Most recent check for updates: Never and Updates installed: Never. I know there have been updates and something is blocking them.
 
Problem Reports and Solutions 5/29/2014 showed this:
 
Windows Update installation Problem  5/29/2014
Description
A Windows update did not install properly. Sending the following information to Microsoft can help improve the software.
Problem signature
Problem Event Name: WindowsUpdateFailure
ClientVersion: 7.6.7600.256
Win32HResult: 80070bc9
UpdateId: 61CA813A-7585-442E-A66B-B0D15CE6BDC0
Scenario: Scan
SourceId: 101
Environment: Unmanaged
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
 
4. Internet Explorer - Will not work correctly. The initial page loads, but will freeze if I try to go to any other page or site. It freezes and a small box at the bottom of the page says the page isn't responding and I can click to "recover web page". If I click to recover or click the X to exit the page, a Microsoft Windows box pops up saying the website is not responding and Windows is checking for a solution to the problem. Then a new page pops up but it's frozen.
 
5. Chrome - Chrome is redirecting pages. Chrome always shuts down at least every 15 min, especially when there are more than 2 tabs open. Keep getting pop-ups. I've also noticed when filling out usernames and passwords on any site that the color of the box becomes light yellow (instead of white) when I use the saved username that drops down.
 
6. I ran OTL and many things don't look right, including these host files (I've never been on these websites). These may be from a program that one of your techs helped me with in May 2013. It puts these here to avoid ever going to these sites. Does that sound possible?
 
 O1 HOSTS File: ([2014/04/16 01:08:32 | 000,449,906 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
 O1 - Hosts: 127.0.0.1 localhost
 O1 - Hosts: 15470 more lines...
 
7. Also this doesn't seem right:
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
I know this is a lot of problems and I'm not sure if they could all be related. Perhaps I should post different problems in different forums, but I'll wait for your advice.
Thank you for your help,
 
NoNo
 
Here is the DDS.txt log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16502
Run by gogo at 10:45:33 on 2014-06-02
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1933 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.10.1.5 192.168.1.1
TCP: Interfaces\{C922B5CC-8097-4DF3-B14B-264696D80453} : DHCPNameServer = 10.10.1.5 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.114\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-15 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-15 174664]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-2-6 20624]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-17 368944]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-5-5 37352]
R1 MpKslea502b46;MpKslea502b46;c:\programdata\microsoft\microsoft antimalware\definition updates\{432af636-6844-4745-99dc-30722e1134c7}\MpKslea502b46.sys [2014-6-2 39464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-17 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-17 66336]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-5-5 84744]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-16 418376]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-16 22856]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-9 765736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-8-13 105144]
S2 gupdate1ce11e97cd4f97c;Google Update Service (gupdate1ce11e97cd4f97c);c:\program files\google\update\GoogleUpdate.exe [2011-10-31 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-16 701512]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 107392]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-8-12 295376]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-5-13 1103392]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-5-13 1369624]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-5-13 168384]
S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2012-6-16 404256]
S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-7-13 2560]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-8-13 770168]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-9-17 19968]
S4 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-3-17 513408]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
.
=============== Created Last 30 ================
.
2014-06-02 17:38:24 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{432af636-6844-4745-99dc-30722e1134c7}\MpKslea502b46.sys
2014-06-02 05:08:51 -------- d-----w- c:\users\gogo\appdata\roaming\DropboxMaster
2014-06-02 05:02:29 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{432af636-6844-4745-99dc-30722e1134c7}\mpengine.dll
2014-06-01 00:22:58 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-05-30 07:18:30 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f4d242a8-ad0f-41a8-bee2-6bd7176e9c33}\gapaengine.dll
2014-05-24 04:37:16 -------- d-----w- c:\program files\Microsoft Home Publishing 2000
2014-05-17 06:49:57 -------- d-----w- c:\users\gogo\appdata\local\Microsoft Help
2014-05-08 13:48:42 225656 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-05-06 19:46:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2014-03-11 20:07:42 4550656 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 10:46:42.47 ===============
 
Attach.txt log:
 
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 7/31/2009 10:32:58 AM
System Uptime: 6/2/2014 8:55:08 AM (2 hours ago)
.
Motherboard: Wistron |  | 360C
Processor: Intel® Core™2 Duo CPU     T6500  @ 2.10GHz | CPU | 2100/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 144.615 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.285 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1743: 5/17/2014 12:01:57 AM - Scheduled Checkpoint
RP1744: 5/18/2014 5:56:12 PM - Scheduled Checkpoint
RP1745: 5/19/2014 4:41:42 PM - Scheduled Checkpoint
RP1746: 5/20/2014 1:11:59 PM - Windows Update
RP1747: 5/21/2014 7:28:40 AM - Scheduled Checkpoint
RP1748: 5/21/2014 10:39:23 PM - Scheduled Checkpoint
RP1749: 5/23/2014 12:30:52 AM - Scheduled Checkpoint
RP1750: 5/23/2014 3:47:58 PM - Windows Update
RP1751: 5/23/2014 9:34:09 PM - Installed Microsoft Home Publishing 2000
RP1752: 5/23/2014 11:03:17 PM - Removed Java 7 Update 55
RP1753: 5/24/2014 11:23:02 AM - Scheduled Checkpoint
RP1754: 5/25/2014 12:00:14 AM - Scheduled Checkpoint
RP1755: 5/25/2014 7:08:57 PM - Scheduled Checkpoint
RP1756: 5/26/2014 5:49:27 PM - Windows Update
RP1757: 5/27/2014 5:16:53 PM - Scheduled Checkpoint
RP1758: 5/28/2014 9:47:52 AM - Scheduled Checkpoint
RP1759: 5/29/2014 12:00:07 AM - Scheduled Checkpoint
RP1760: 5/29/2014 8:37:08 PM - Restore Operation
RP1761: 5/30/2014 12:11:16 AM - Windows Update
RP1762: 5/30/2014 10:08:33 PM - Scheduled Checkpoint
RP1763: 5/31/2014 1:46:05 PM - Removed Skype™ 5.10
RP1764: 5/31/2014 1:48:10 PM - Removed The Sims 3
RP1765: 6/1/2014 10:27:33 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player
Adobe Shockwave Player 12.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Auslogics DiskDefrag
Bandizip
Bing Bar
Bing Rewards Client Installer
Bonjour
Cisco Connect
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink PhotoDirector 3
CyberLink YouCam
DFX
Don't Starve
Dropbox
EPSON Artisan 730 Series Printer Uninstall
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson Print CD
EPSON Scan
EpsonNet Print
ESET Online Scanner v3
ESU for Microsoft Vista
FileHippo.com Update Checker
FUJIFILM MyFinePix Studio 2.0
Garry's Mod
Goat Simulator
Google Chrome
Google Drive
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Instant Housecall Remote Support
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
iTunes
Java 7 Update 55
Java Auto Updater
LabelPrint
LightScribe System Software  1.14.17.1
LTCM Client
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1 RC
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OGA Notifier 2.0.0048.0
Origin
Picasa 3
Pirate101
Pivot Animator version 4.1.10
Power2Go
PowerDirector
Primo
QuickTime 7
RAF
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
ROBLOX Player
ROBLOX Studio 2013
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 5.0
Starbound
Steam
swMSM
Synaptics Pointing Device Driver
Terraria
Tweaking.com - Windows Repair (All in One)
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live ID Sign-in Assistant
Windows Live OneCare safety scanner
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
6/2/2014 8:56:51 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/2/2014 8:55:55 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx
6/2/2014 8:55:53 AM, Error: Service Control Manager [7001]  - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/2/2014 8:55:53 AM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/2/2014 8:55:45 AM, Error: Microsoft-Windows-TaskScheduler [412]  - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.
6/1/2014 9:52:24 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/29/2014 9:00:16 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.175.664.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10502.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
5/29/2014 8:49:16 PM, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x80070002   Error description: The system cannot find the file specified.   Signature version: 0.0.0.0;0.0.0.0   Engine version: 0.0.0.0
5/29/2014 8:33:36 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
5/29/2014 8:29:01 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x80004004   Error description: Operation aborted   Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
5/29/2014 8:23:03 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
5/29/2014 8:22:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/29/2014 8:22:19 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm avipbb avkmgr DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv Tcpip tdx Wanarpv6 ws2ifsl
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
5/29/2014 8:22:10 PM, Error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/29/2014 8:22:06 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/29/2014 8:22:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/29/2014 8:21:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/29/2014 8:21:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/29/2014 8:21:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/29/2014 8:21:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/29/2014 8:21:18 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/29/2014 8:21:01 PM, Error: EventLog [6008]  - The previous system shutdown at 4:17:27 PM on 5/29/2014 was unexpected.
5/29/2014 8:20:09 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
5/29/2014 11:31:21 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.175.664.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10502.0   Error code: 0x80072ee2   Error description: The operation timed out 
5/28/2014 8:15:06 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
5/28/2014 2:26:45 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/28/2014 2:26:45 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/28/2014 2:26:45 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/27/2014 4:55:31 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
5/27/2014 4:55:31 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/27/2014 4:46:24 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.
5/27/2014 4:46:24 PM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
 
 



#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 10 June 2014 - 04:01 PM

Hi NoNo,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#3 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 10 June 2014 - 05:24 PM

Hi OCD- :adios:

You helped me last time. This is the link:  http://forums.whatth...127597&p=840215

 

I lost internet service and we were unable to finish the troubleshooting. I will run those scans right now and post logs later on today.

 

Thanks,

NoNo



#4 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 10 June 2014 - 07:17 PM

Hi- Here are the logs you requested.

 

checkup.txt:

 Results of screen317's Security Check version 0.99.78  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 SpywareBlaster 5.0    
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 55  
 Java version out of Date!
 Adobe Flash Player 11.8.800.168  
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome 34.0.1847.131  
 Google Chrome 35.0.1916.114  
 Google Chrome winmm.dll..  
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Spybot Teatimer.exe is disabled!
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log``````````````````````
-------------------------------------------------------------------------------------------------------------------------
aswMBR.txt:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-10 16:59:01
-----------------------------
16:59:01.382    OS Version: Windows 6.0.6002 Service Pack 2
16:59:01.382    Number of processors: 2 586 0x170A
16:59:01.382    ComputerName: GOGO  UserName: gogo
16:59:03.113    Initialize success
17:06:00.729    AVAST engine defs: 14061002
17:08:14.468    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:08:14.468    Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OCA0G Size: 305245MB BusType: 3
17:08:14.593    Disk 0 MBR read successfully
17:08:14.593    Disk 0 MBR scan
17:08:14.593    Disk 0 unknown MBR code
17:08:14.609    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       294058 MB offset 2048
17:08:14.640    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11183 MB offset 602232832
17:08:14.640    Disk 0 scanning sectors +625135616
17:08:14.671    Disk 0 scanning C:\Windows\system32\drivers
17:08:26.231    Service scanning
17:08:55.106    Modules scanning
17:09:05.979    Disk 0 trace - called modules:
17:09:06.011    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
17:09:06.026    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8684d520]
17:09:06.026    3 CLASSPNP.SYS[832068b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866acb98]
17:09:07.305    AVAST engine scan C:\Windows
17:09:11.424    AVAST engine scan C:\Windows\system32
17:13:02.772    AVAST engine scan C:\Windows\system32\drivers
17:13:21.929    AVAST engine scan C:\Users\gogo
17:36:03.029    AVAST engine scan C:\ProgramData
17:57:40.933    Scan finished successfully
17:58:27.889    Disk 0 MBR has been saved successfully to "C:\Users\gogo\Desktop\MBR.dat"
17:58:27.889    The log file has been saved successfully to "C:\Users\gogo\Desktop\aswMBR.txt"
-------------------------------------------------------------------------------------------------------------------------------
 
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-06-2014
Ran by gogo (administrator) on GOGO on 10-06-2014 16:49:07
Running from C:\Users\gogo\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKU\S-1-5-21-90010376-98873278-4205430638-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-90010376-98873278-4205430638-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
GroupPolicyUsers\S-1-5-21-90010376-98873278-4205430638-1001\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 37 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.10.1.5 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,"");: user_pref("browser.search.order.1,"");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013-06-22]
FF Extension: ColorfulTabs - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(235) [2013-07-30]
FF Extension: YouTube™ Anywhere Player - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a} [2013-06-20]
FF Extension: Feedback - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-05-13]
FF Extension: Adblock Plus - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: hxxp://bing.com/
CHR StartupUrls: "hxxp://www.bing.com/", "hxxp://www.my.msn.com/"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultNewTabURL: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Roblox Launcher Plugin) - C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ( ROBLOX Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (SOE Web Installer) - C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
CHR Plugin: (Picasa) - C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-03-31]
CHR Extension: (Google Docs) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-11]
CHR Extension: (Google Drive) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-11]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-04-15]
CHR Extension: (Hidden Object Games from Big Fish Games) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimlkohpcpfkjdpcflnekhaecfhmcmnc [2014-03-31]
CHR Extension: (Google Search) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-11]
CHR Extension: (Find your way to Oz) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2014-03-31]
CHR Extension: (Rush Team) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecdnoeebfjlplfkljdedokbcmebojbpb [2014-03-31]
CHR Extension: (Mahjongg) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-03-31]
CHR Extension: (Causality Games) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2014-03-31]
CHR Extension: (Songza) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikbbcifofebbnlfffhdlolcgjnleofo [2014-03-30]
CHR Extension: (Planetarium) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-03-31]
CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj [2014-03-31]
CHR Extension: (iPiccy Photo Editor) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2014-03-31]
CHR Extension: (Legend Of The Golden Mask) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\janlcfemglecoedjapgofmobnokdpaan [2014-05-07]
CHR Extension: (Roomstyler 3D planner) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2014-03-31]
CHR Extension: (City Sights - Hello Seattle!) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jihilfhlglomedabonpgmihgbicgpilk [2014-03-31]
CHR Extension: (Autodesk Homestyler) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-03-31]
CHR Extension: (Cargo Bridge) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-03-31]
CHR Extension: (Meme Generator) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcohkjejibbohjcejckhdnkfceagebc [2014-03-31]
CHR Extension: (Quick Earth) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh [2014-03-31]
CHR Extension: (CanvasDraw) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfimpamngmggpbamfoomdpebdoleghe [2014-03-31]
CHR Extension: (Little Alchemy) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-03-31]
CHR Extension: (Build with Chrome) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2014-03-31]
CHR Extension: (Planner 5D) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2014-03-31]
CHR Extension: (3D Solar System Web) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2014-03-31]
CHR Extension: (Google Play Books) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-03-31]
CHR Extension: (ROBLOX Outfit Saver Extension) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaohnjlgfabcooefhihmafmdcbliakf [2014-03-31]
CHR Extension: (Anatronica - 3D Interactive Anatomy) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalpooddpdnhjicpjgnhaihnnfnmbpee [2014-03-31]
CHR Extension: (Cargo Bridge: Xmas level pack) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk [2014-03-31]
CHR Extension: (BeGone) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (First Person Pacman) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npalfjppngmabdkpnlbibhmahbbkgobm [2014-03-30]
CHR Extension: (Origami Player) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2014-03-31]
CHR Extension: (ArcadeFrontier) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2014-05-25]
CHR Extension: (Bullet Physics NaCl Test) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehkhceingafmkkmbeoempaablkkeal [2014-03-31]
CHR Extension: (Psykopaint) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2014-03-31]
CHR Extension: (Mysteriez!) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\phhpkfchfjfeicikkkajdojpjkapdpnd [2014-03-31]
CHR Extension: (Gmail) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-11]
CHR Extension: (Anatomicus - Human Anatomy Atlas) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgfngehhjplndcgejapgknnjpdgfpag [2014-03-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [513408 2011-03-17] (SEIKO EPSON CORPORATION)
S2 gupdate1ce11e97cd4f97c; C:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-10-31] (Google Inc.)
S3 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S4 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2013-05-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-01] ()
S1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [765736 2013-05-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [368944 2013-05-01] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [174664 2013-05-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-05] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_i386.sys [404256 2011-08-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-05] (Avira GmbH)
S3 ssrangdr; C:\Windows\System32\DRIVERS\ssrangdr.sys [2560 2009-07-13] (SupportSoft Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\gogo\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-10 16:49 - 2014-06-10 16:49 - 00024300 _____ () C:\Users\gogo\Desktop\FRST.txt
2014-06-10 16:49 - 2014-06-10 16:49 - 00000000 ____D () C:\FRST
2014-06-10 16:47 - 2014-06-10 16:47 - 00001295 _____ () C:\Users\gogo\Desktop\checkup.txt
2014-06-10 16:15 - 2014-06-10 16:15 - 01072640 _____ (Farbar) C:\Users\gogo\Desktop\FRST.exe
2014-06-04 22:44 - 2014-06-04 22:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\gogo\Desktop\HijackThis.exe
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\gogo\Documents\ProcAlyzer Dumps
2014-06-02 10:46 - 2014-06-05 22:57 - 00020822 _____ () C:\Users\gogo\Desktop\attach.txt
2014-06-02 10:46 - 2014-06-02 10:46 - 00011087 _____ () C:\Users\gogo\Desktop\dds.txt
2014-06-02 10:44 - 2014-06-02 10:44 - 00006894 _____ () C:\Users\gogo\Desktop\hijackthis.log
2014-06-02 00:48 - 2014-06-02 00:48 - 00688992 ____R (Swearware) C:\Users\gogo\Desktop\dds.scr
2014-06-01 22:08 - 2014-06-02 09:08 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\DropboxMaster
2014-05-23 21:37 - 2014-05-23 22:19 - 00000000 ____D () C:\Program Files\Microsoft Home Publishing 2000
2014-05-16 23:49 - 2014-05-16 23:49 - 00000000 ____D () C:\Users\gogo\AppData\Local\Microsoft Help
 
==================== One Month Modified Files and Folders =======
 
2014-06-10 16:49 - 2014-06-10 16:49 - 00024300 _____ () C:\Users\gogo\Desktop\FRST.txt
2014-06-10 16:49 - 2014-06-10 16:49 - 00000000 ____D () C:\FRST
2014-06-10 16:49 - 2014-01-23 19:51 - 00000000 ____D () C:\Users\gogo\AppData\Local\temp
2014-06-10 16:47 - 2014-06-10 16:47 - 00001295 _____ () C:\Users\gogo\Desktop\checkup.txt
2014-06-10 16:39 - 2009-04-20 05:16 - 00000000 ____D () C:\ProgramData\Temp
2014-06-10 16:37 - 2009-07-31 10:32 - 01936393 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 16:15 - 2014-06-10 16:15 - 01072640 _____ (Farbar) C:\Users\gogo\Desktop\FRST.exe
2014-06-10 16:11 - 2014-01-20 15:47 - 00000000 ____D () C:\Users\gogo\Desktop\Security 2014
2014-06-10 13:09 - 2013-05-13 19:54 - 00000620 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-10 13:09 - 2011-10-31 11:19 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 13:09 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 13:09 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 13:09 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 00:37 - 2006-11-02 06:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-09 23:48 - 2013-05-13 19:52 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-05 22:57 - 2014-06-02 10:46 - 00020822 _____ () C:\Users\gogo\Desktop\attach.txt
2014-06-04 22:45 - 2014-06-04 22:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\gogo\Desktop\HijackThis.exe
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\gogo\Documents\ProcAlyzer Dumps
2014-06-04 01:27 - 2013-05-13 19:54 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-03 00:36 - 2013-05-07 22:30 - 00000000 ____D () C:\Users\gogo\Documents\NoNo
2014-06-02 10:46 - 2014-06-02 10:46 - 00011087 _____ () C:\Users\gogo\Desktop\dds.txt
2014-06-02 10:44 - 2014-06-02 10:44 - 00006894 _____ () C:\Users\gogo\Desktop\hijackthis.log
2014-06-02 09:08 - 2014-06-01 22:08 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\DropboxMaster
2014-06-02 09:08 - 2013-01-20 01:40 - 00000000 ___RD () C:\Users\gogo\Dropbox
2014-06-02 09:08 - 2013-01-20 00:46 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\Dropbox
2014-06-02 00:51 - 2013-04-19 09:50 - 00000000 ____D () C:\Users\gogo\Desktop\Security 2013
2014-06-02 00:48 - 2014-06-02 00:48 - 00688992 ____R (Swearware) C:\Users\gogo\Desktop\dds.scr
2014-06-01 22:16 - 2009-08-28 18:57 - 00146944 _____ () C:\Users\gogo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-01 22:08 - 2013-01-20 01:40 - 00000950 _____ () C:\Users\gogo\Desktop\Dropbox.lnk
2014-06-01 22:08 - 2013-01-20 00:58 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-31 14:15 - 2014-01-23 19:51 - 00000000 ____D () C:\Users\Kids\AppData\Local\temp
2014-05-31 13:48 - 2009-04-20 04:11 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-31 13:47 - 2010-07-21 23:47 - 00000000 ____D () C:\ProgramData\Skype
2014-05-31 13:46 - 2010-07-25 17:09 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Skype
2014-05-31 13:46 - 2010-07-21 23:47 - 00000000 ___RD () C:\Program Files\Skype
2014-05-31 09:40 - 2006-11-02 03:23 - 00000203 _____ () C:\Windows\win.ini
2014-05-31 09:39 - 2011-06-17 14:15 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-05-31 08:57 - 2009-08-27 18:08 - 00078192 _____ () C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-30 01:14 - 2013-05-13 19:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-29 23:29 - 2009-08-19 14:50 - 00078192 _____ () C:\Users\gogo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-29 20:49 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-29 20:48 - 2006-11-02 03:22 - 57933824 _____ () C:\Windows\system32\config\software_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 40108032 _____ () C:\Windows\system32\config\components_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 31719424 _____ () C:\Windows\system32\config\system_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 05242880 _____ () C:\Windows\system32\config\default_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-05-29 20:44 - 2014-05-06 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-29 20:44 - 2014-04-05 23:55 - 00000000 ____D () C:\Program Files\Steam
2014-05-29 20:44 - 2014-04-05 23:55 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-29 20:44 - 2013-10-21 06:13 - 00000000 ____D () C:\ProgramData\Pivot Animator
2014-05-29 20:44 - 2013-10-03 16:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-29 20:44 - 2013-05-13 19:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-29 20:44 - 2013-05-13 19:52 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-29 20:44 - 2011-10-31 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-29 20:44 - 2009-08-27 18:07 - 00000000 ____D () C:\Users\Kids
2014-05-29 20:44 - 2009-08-19 14:46 - 00000000 ____D () C:\Users\gogo
2014-05-29 20:44 - 2009-04-20 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-05-29 20:44 - 2009-04-20 04:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-05-29 20:44 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\spool
2014-05-29 20:43 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\registration
2014-05-28 14:27 - 2014-04-07 13:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-23 22:19 - 2014-05-23 21:37 - 00000000 ____D () C:\Program Files\Microsoft Home Publishing 2000
2014-05-23 22:00 - 2014-01-06 08:52 - 00000000 ____D () C:\Users\gogo\Documents\Gabriel
2014-05-23 21:38 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Help
2014-05-23 21:38 - 2006-11-02 04:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-19 16:29 - 2014-04-30 14:21 - 00000000 ____D () C:\Users\Kids\Desktop\ATL
2014-05-16 23:50 - 2009-04-20 05:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 23:49 - 2014-05-16 23:49 - 00000000 ____D () C:\Users\gogo\AppData\Local\Microsoft Help
2014-05-11 18:38 - 2013-02-02 01:40 - 00000000 ____D () C:\Users\Kids\PSP
 
Files to move or delete:
====================
C:\Users\gogo\jagex_runescape_preferences.dat
C:\Users\gogo\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Users\gogo\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyjy7so.dll
C:\Users\gogo\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-10 13:15
 
==================== End Of Log ============================
----------------------------------------------------------------------------------------------------------------
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-06-2014
Ran by gogo at 2014-06-10 16:49:47
Running from C:\Users\gogo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 7.7 - Atheros)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
Bandizip (HKCU\...\Bandizip) (Version: 3.09 - Bandisoft.com)
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3618 - CyberLink Corp.)
CyberLink PhotoDirector 3 (Version: 3.0.3618 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2328 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2328 - CyberLink Corp.) Hidden
DFX (HKLM\...\DFX) (Version: 10.137.0.0 - Power Technology)
Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EPSON Artisan 730 Series Printer Uninstall (HKLM\...\EPSON Artisan 730 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
FUJIFILM MyFinePix Studio 2.0 (HKLM\...\FinePix Genie_is1) (Version:  - )
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Goat Simulator (HKLM\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.7 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
Instant Housecall Remote Support (HKLM\...\Instant Housecall) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}) (Version: 9.0.2.25 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
LTCM Client (HKLM\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0219.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.219.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Origin (HKLM\...\Origin) (Version: 8.3.7.3619 - Electronic Arts, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pirate101 (HKLM\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Pivot Animator version 4.1.10 (HKLM\...\Pivot Animator_is1) (Version: 4.1.10 - Motus Software Ltd)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAF (HKLM\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
ROBLOX Player (HKLM\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 (HKLM\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.18 - Tweaking.com)
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2836940) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
==================== Restore Points  =========================
 
23-05-2014 22:47:58 Windows Update
24-05-2014 04:34:09 Installed Microsoft Home Publishing 2000
24-05-2014 06:03:17 Removed Java 7 Update 55
24-05-2014 18:23:02 Scheduled Checkpoint
25-05-2014 07:00:14 Scheduled Checkpoint
26-05-2014 02:08:57 Scheduled Checkpoint
27-05-2014 00:49:27 Windows Update
28-05-2014 00:16:53 Scheduled Checkpoint
28-05-2014 16:47:52 Scheduled Checkpoint
29-05-2014 07:00:07 Scheduled Checkpoint
30-05-2014 03:37:08 Restore Operation
30-05-2014 07:11:16 Windows Update
31-05-2014 05:08:33 Scheduled Checkpoint
31-05-2014 20:46:05 Removed Skype™ 5.10
31-05-2014 20:48:10 Removed The Sims 3
02-06-2014 05:27:33 Scheduled Checkpoint
03-06-2014 05:25:16 Scheduled Checkpoint
03-06-2014 05:34:46 Windows Update
04-06-2014 02:59:56 Scheduled Checkpoint
05-06-2014 03:58:46 Scheduled Checkpoint
06-06-2014 05:01:50 Scheduled Checkpoint
07-06-2014 05:07:34 Windows Update
07-06-2014 19:18:55 Scheduled Checkpoint
08-06-2014 23:54:06 Scheduled Checkpoint
09-06-2014 21:21:07 Scheduled Checkpoint
10-06-2014 20:41:44 Scheduled Checkpoint
10-06-2014 23:00:03 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 03:23 - 2014-04-16 01:08 - 00449906 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0990F3C9-C12F-4225-8A4E-2FA726BF1259} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {0D45B17E-3939-4126-9273-95C41DD3E7CF} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {176B70BC-F8C2-4E88-BEBA-2AA3056A0B97} - System32\Tasks\HPCeeScheduleForKids => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {1B39D9D6-06DF-44D2-8B23-F57913375A5C} - System32\Tasks\{2CC1AD11-B2AF-4307-A3D8-2BE3041BF0E7} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {24455800-B29E-44FB-A6AF-F87CE78DD7BC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-90010376-98873278-4205430638-1000UA => C:\Users\gogo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {384912DF-AAE1-47D0-8F07-6995AF9B14F6} - System32\Tasks\{73C66FC9-E3CE-4661-9DB8-C78E1EF8337B} => C:\Program Files\Skype\Phone\Skype.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {50155478-1807-40AC-BCB8-111A524C1489} - System32\Tasks\Microsoft\Windows\RestartManager\{0FE6708B-B25F-4093-A506-2493531C679D} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {5CF98E48-AE84-4D56-B92A-083F14F7CF58} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {5E58B69B-DB70-4D30-A63D-3E570D197FE7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Daisy => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {65D462A7-C925-4A93-B7CC-649E14787B51} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {773B05BD-380C-4BA9-BE69-499349EF8401} - System32\Tasks\{D9781CE2-DDD5-49E0-86F7-DC561F21F110} => Firefox.exe http://ui.skype.com/...;page=tsInstall
Task: {7A70FABD-76D4-4F20-8997-0E33742D73BC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7EFC77CF-3A3F-44BA-9011-20640B117996} - System32\Tasks\{F43187E0-C22B-41F3-8D30-8E902F2FC59F} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {A0A19FFC-C289-4596-8308-6ED128D39504} - System32\Tasks\{BD791FFC-E3BE-43D4-B04B-8533D805EA1F} => Iexplore.exe http://ui.skype.com/...led;madedefault
Task: {A2B80266-552F-4AB3-A1EA-B63B300D9A8A} - System32\Tasks\{47F92AB0-1C90-43A4-A955-EFD7EA9286F2} => Iexplore.exe http://ui.skype.com/...;alreadyoffered
Task: {A61A20C2-0B08-4205-9672-B0296FF919F7} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {AD808393-9B14-433D-8AF7-139331640C88} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-90010376-98873278-4205430638-1000Core => C:\Users\gogo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {AF85EB61-8126-4A96-A81B-E2B57DCEB0AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-30] (Adobe Systems Incorporated)
Task: {BA764AAA-5C1D-4110-B008-90851C3A279B} - System32\Tasks\{D0CC3C9C-8DD9-4590-B0DA-688718B0B53E} => Iexplore.exe http://ui.skype.com/...led;madedefault
Task: {C2EDF72F-2EBC-4F15-9BD4-D558A6DB1396} - System32\Tasks\FileCure Default => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: {C9AA6220-D059-48E1-A322-4596DF3CABDF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-31] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EAB1E20C-69E1-43C6-B9F1-2AB8231FA0F2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {EF36320F-3A91-46F4-8913-055A46EA481D} - System32\Tasks\{27821713-3A25-4159-BC48-93B6A15C0729} => Iexplore.exe http://ui.skype.com/...;alreadyoffered
Task: {FC17B86B-F6A0-4D72-924A-6C31A30F5C0E} - System32\Tasks\{F9830058-08BC-4981-BA85-21DF1580AAF8} => Iexplore.exe http://ui.skype.com/...;alreadyoffered
Task: {FC405E91-4863-4ADE-9B53-B3D791FFC9AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-31] (Google Inc.)
Task: {FDA2B530-1AB3-4A8B-AD88-2151DEF4DE4C} - System32\Tasks\{C4186231-FC0D-4C99-99DD-49C9FF6C0E2F} => Iexplore.exe http://ui.skype.com/...;alreadyoffered
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKids.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-04-20 05:31 - 2008-10-06 09:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-20 05:31 - 2008-10-06 09:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2013-05-13 19:54 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-05-13 19:54 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-05-13 19:54 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-05-13 19:54 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-05-13 19:54 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:7757A6D4
AlternateDataStreams: C:\ProgramData\Temp:AA6C7C38
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk => C:\Windows\pss\DFX.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^gogo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^gogo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/08/2014 07:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x03cf0fef,
process id 0xd54, application start time 0xExplorer.EXE0.
 
Error: (06/04/2014 10:32:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDTools.exe version 2.0.12.150 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 148c
Start Time: 01cf807ce70f3fbd
Termination Time: 9
 
Error: (06/02/2014 11:06:46 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (06/02/2014 11:06:46 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
 
Error: (05/31/2014 02:07:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16502 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1160
Start Time: 01cf7d142de74a36
Termination Time: 16
 
Error: (05/31/2014 02:06:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16502 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c88
Start Time: 01cf7d12d16aac86
Termination Time: 16
 
Error: (05/31/2014 09:46:42 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KIDS\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZLQ0FZ3Q\ASSET[1]> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (05/31/2014 09:45:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 35.0.1916.114, time stamp 0x53726019, faulting module chrome.dll, version 35.0.1916.114, time stamp 0x53725d18, exception code 0x80000003, fault offset 0x004761eb,
process id 0x1080, application start time 0xchrome.exe0.
 
Error: (05/31/2014 09:39:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 35.0.1916.114, time stamp 0x53726019, faulting module chrome.dll, version 35.0.1916.114, time stamp 0x53725d18, exception code 0xc0000005, fault offset 0x00728bc8,
process id 0x113c, application start time 0xchrome.exe0.
 
Error: (05/31/2014 09:39:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 35.0.1916.114, time stamp 0x53726019, faulting module chrome.dll, version 35.0.1916.114, time stamp 0x53725d18, exception code 0x80000003, fault offset 0x004761eb,
process id 0x113c, application start time 0xchrome.exe0.
 
 
System errors:
=============
Error: (06/10/2014 01:19:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.175.1689.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0219.00
 
Source Path: 4.3.0219.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/10/2014 01:10:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/10/2014 01:10:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (06/10/2014 01:09:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: aswSnx
 
Error: (06/10/2014 01:09:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058
 
Error: (06/10/2014 01:09:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (06/10/2014 01:09:15 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147549183
 
Error: (06/09/2014 10:24:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000stisvc
 
Error: (06/09/2014 08:38:47 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.175.1689.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0219.00
 
Source Path: 4.3.0219.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/09/2014 01:50:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-30 02:58:26.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-30 02:58:25.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:21:24.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:21:24.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:19:45.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:19:45.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:19:25.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:19:25.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:15:07.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 02:15:07.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 3002.45 MB
Available physical RAM: 1534.05 MB
Total Pagefile: 6233.14 MB
Available Pagefile: 5133.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:287.17 GB) (Free:144.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 33957100)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
--------------------------------------------------------------------------------------------------------------------
MBR.zip attached
 
Attached File  MBR.zip   545bytes   60 downloads
 
 
 
 
 


#5 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 11 June 2014 - 12:03 AM

Hi NoNo,

Just to answer a few of your initial comments from your opening post.
  • Files listed in Winsock are fine
  • The items listed in the Host File are normal
  • We will address the Windows Update issue when we get the computer clean.
=========================

Have you run ComboFix recently?

=========================

Reset Internet Explorer

Go to the Start menu > Control Panel > Look in the upper right hand corner and make sure the "Category" drop down menu says Small or Large Icons
Locate Internet Options > Advanced tab > Reset button at the bottom of the menu.

=========================

Delete cache and other browser data in Chrome
  • Click the Chrome menu on the browser toolbar.
  • Select Tools.
  • Select Clear browsing data.
  • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
    • Clear browsing history
    • Clear download history
    • Empty the cache
    • Delete cookies and other site and plug-in data
    • Clear saved passwords
    • Clear saved Auto-fill form data
    • Clear data from hosted apps
    • De-authorize content licenses
  • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
  • Click Clear browsing data.
=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

RogueKiller

Download to your desktop RogueKiller (by tigzy)

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan, Do Not Fix Anything at this point.
  • Click the Report button, save the report to your desktop
=========================

Please download AdwCleaner by Xplode and save to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of all log files is saved in the C:\AdwCleaner folder which was created when running the tool.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • RogueKiller log
  • AdwCleaner[R0].txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
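
The entries in the FRST "Hosts content" excerpt all map a name to 127.0.0.1, which blocks that name rather than redirecting it; an entry that maps a name to any other address is the kind worth a closer look. The triage below is an added example, not part of the thread or of any tool named in it; the function names and the sample hosts content are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# One hostname mapping taken from a hosts file line.
Entry = namedtuple("Entry", "lineno address hostname kind")

# Constructed sample: the first entries mirror the style of the FRST excerpt,
# the remaining lines are invented to exercise each branch.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
0.0.0.0 ads.example.net   # null-route style block entry
::1 localhost
203.0.113.7 update.example.com www.update.example.com
not-an-ip broken.example.org
127.0.0.1
"""


def classify_address(text):
    """Return 'sinkhole' for loopback/unspecified, 'redirect' for any other
    valid IP address, or None when the field is not an IP address at all."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    return "redirect"


def parse_hosts(text):
    """Parse hosts-file text into Entry tuples plus a list of malformed lines."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        kind = classify_address(fields[0])
        if kind is None or len(fields) < 2:   # bad address, or address with no name
            malformed.append((lineno, raw))
            continue
        for host in fields[1:]:               # one line may carry several aliases
            entries.append(Entry(lineno, fields[0], host.lower(), kind))
    return entries, malformed


def triage(text):
    """Summarise a hosts file: count block entries, list redirects for review."""
    entries, malformed = parse_hosts(text)
    report = {"local": 0, "sinkhole": 0, "redirect": [], "malformed": malformed}
    for entry in entries:
        if entry.kind == "redirect":
            report["redirect"].append(entry)  # name resolves to a real address
        elif entry.hostname == "localhost":
            report["local"] += 1              # standard loopback entry
        else:
            report["sinkhole"] += 1           # blocklist / immunization entry
    return report


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("standard localhost entries:", result["local"])
    print("block entries (loopback or 0.0.0.0):", result["sinkhole"])
    for entry in result["redirect"]:
        print("REVIEW line %d: %s -> %s" % (entry.lineno, entry.hostname, entry.address))
    for lineno, raw in result["malformed"]:
        print("malformed line %d: %r" % (lineno, raw))
```

A large count of block entries with an empty review list matches a blocklist-style hosts file; the review list is where a hijacked name would show up.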

#6 NoNo

NoNo

    Authentic Member

  • Authentic Member
  • PipPip
  • 108 posts

Posted 13 June 2014 - 11:16 PM

Hi-

I have not run OCD since Jan.

AdwCleaner only took 2 minutes to complete. You had said it could take some time, so I thought you should know.

Here are the logs you requested:

 

Fixlog.txt-

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-06-2014

Ran by gogo at 2014-06-13 21:44:06 Run:1
Running from C:\Users\gogo\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]
*****************
 
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
McAfee SiteAdvisor Service => Service deleted successfully.
 
==== End of Fixlog ====
-------------------------------------------------------------------------------------------------------------------------------
RogueKiller-
RogueKiller V9.0.2.0 [Jun  3 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : gogo [Admin rights]
Mode : Scan -- Date : 06/13/2014  21:51:57
 
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] explorer.exe -- C:\Users\gogo\AppData\Local\Bandizip\bdzshl32.dll[7] -> UNLOADED
 
¤¤¤ Registry Entries : 15 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> FOUND
[Root.Necurs] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gupdate1ce11e97cd4f97c -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> FOUND
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate1ce11e97cd4f97c -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> FOUND
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gupdate1ce11e97cd4f97c -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Desktop] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 8 ¤¤¤
[SSDT:Addr] NtCreateSection[75] : Unknown @ 0x8c8d3ad6
[SSDT:Addr] NtRequestWaitReplyPort[276] : Unknown @ 0x8c8d3ae0
[SSDT:Addr] NtSetContextThread[289] : Unknown @ 0x8c8d3adb
[SSDT:Addr] NtSetSecurityObject[314] : Unknown @ 0x8c8d3ae5
[SSDT:Addr] NtSystemDebugControl[332] : Unknown @ 0x8c8d3aea
[SSDT:Addr] NtTerminateProcess[334] : Unknown @ 0x8c8d3a77
[ShwSSDT:Addr] NtUserSetWindowsHookEx[573] : Unknown @ 0x8c8d3afe
[ShwSSDT:Addr] NtUserSetWinEventHook[576] : Unknown @ 0x8c8d3b03
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 ATA Device +++++
--- User ---
[MBR] 9405e584f848ec74f900fa8b4320c9e6
[BSP] 39522565e9bcb1711b03147ba1d55482 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 294058 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 602232832 | Size: 11183 MB
User = LL1 ... OK
User = LL2 ... OK
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
AdwCleaner-
# AdwCleaner v3.212 - Report created 13/06/2014 at 21:57:23
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : gogo - GOGO
# Running from : C:\Users\gogo\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\ProgramData\FileCure
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16502
 
 
-\\ Mozilla Firefox v23.0 (en-US)
 
[ File : C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\prefs.js ]
 
 
[ File : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\c2cjdqpi.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3875 octets] - [08/01/2014 08:53:23]
AdwCleaner[R1].txt - [1078 octets] - [13/06/2014 21:57:23]
AdwCleaner[S0].txt - [4026 octets] - [08/01/2014 08:58:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1198 octets] ##########
------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Thank you,
NoNo


#7 OCD

Posted 14 June 2014 - 12:01 AM

Hi NoNo,

I asked about ComboFix, not OTL. Have you run ComboFix recently?

Re-run RogueKiller

Right click and select "Run as Administrator"
  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan.
  • After the scan has completed click on the Registry tab
  • Wait until the Status box shows "Scan Finished"
  • Click the Delete button
  • Wait until the Status box shows "Deleting Finished"
  • Click the Report button, save the report to your desktop
=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • RogueKiller log
  • New FRST.txt
  • How is the computer running?

OCD



#8 NoNo

Posted 15 June 2014 - 12:00 AM

Hi- Last time I ran ComboFix was also in Jan 2014. The logs you requested are below. I will reply later on tonight, after I have used the computer and can let you know how it is running.

 

RogueKiller: 

RogueKiller V9.0.2.0 [Jun  3 2014] by Adlice Software

 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : gogo [Admin rights]
Mode : Remove -- Date : 06/14/2014  22:38:07
 
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] explorer.exe -- C:\Users\gogo\AppData\Local\Bandizip\bdzshl32.dll[7] -> UNLOADED
 
¤¤¤ Registry Entries : 15 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> NOT SELECTED
[Root.Necurs] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gupdate1ce11e97cd4f97c -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> NOT SELECTED
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate1ce11e97cd4f97c -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> NOT SELECTED
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gupdate1ce11e97cd4f97c -> DELETED
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Desktop] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 123 ¤¤¤
[SSDT:Addr] NtCreateSection[75] : Unknown @ 0x8c8a8f36
[SSDT:Addr] NtRequestWaitReplyPort[276] : Unknown @ 0x8c8a8f40
[SSDT:Addr] NtSetContextThread[289] : Unknown @ 0x8c8a8f3b
[SSDT:Addr] NtSetSecurityObject[314] : Unknown @ 0x8c8a8f45
[SSDT:Addr] NtSystemDebugControl[332] : Unknown @ 0x8c8a8f4a
[SSDT:Addr] NtTerminateProcess[334] : Unknown @ 0x8c8a8ed7
[ShwSSDT:Addr] NtUserSetWindowsHookEx[573] : Unknown @ 0x8c8a8f5e
[ShwSSDT:Addr] NtUserSetWinEventHook[576] : Unknown @ 0x8c8a8f63
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 ATA Device +++++
--- User ---
[MBR] 9405e584f848ec74f900fa8b4320c9e6
[BSP] 39522565e9bcb1711b03147ba1d55482 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 294058 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 602232832 | Size: 11183 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_06132014_215156.log - RKreport_SCN_06142014_223616.log
---------------------------------------------------------------------------------------------------------------------------------------------------------------
 
New FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-06-2014
Ran by gogo (administrator) on GOGO on 10-06-2014 16:49:07
Running from C:\Users\gogo\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKU\S-1-5-21-90010376-98873278-4205430638-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-90010376-98873278-4205430638-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
GroupPolicyUsers\S-1-5-21-90010376-98873278-4205430638-1001\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 37 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.10.1.5 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,"");: user_pref("browser.search.order.1,"");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013-06-22]
FF Extension: ColorfulTabs - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(235) [2013-07-30]
FF Extension: YouTube™ Anywhere Player - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a} [2013-06-20]
FF Extension: Feedback - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-05-13]
FF Extension: Adblock Plus - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: hxxp://bing.com/
CHR StartupUrls: "hxxp://www.bing.com/", "hxxp://www.my.msn.com/"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultNewTabURL: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Roblox Launcher Plugin) - C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ( ROBLOX Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (SOE Web Installer) - C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
CHR Plugin: (Picasa) - C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-03-31]
CHR Extension: (Google Docs) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-11]
CHR Extension: (Google Drive) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-11]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-04-15]
CHR Extension: (Hidden Object Games from Big Fish Games) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimlkohpcpfkjdpcflnekhaecfhmcmnc [2014-03-31]
CHR Extension: (Google Search) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-11]
CHR Extension: (Find your way to Oz) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2014-03-31]
CHR Extension: (Rush Team) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecdnoeebfjlplfkljdedokbcmebojbpb [2014-03-31]
CHR Extension: (Mahjongg) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-03-31]
CHR Extension: (Causality Games) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2014-03-31]
CHR Extension: (Songza) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikbbcifofebbnlfffhdlolcgjnleofo [2014-03-30]
CHR Extension: (Planetarium) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-03-31]
CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj [2014-03-31]
CHR Extension: (iPiccy Photo Editor) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2014-03-31]
CHR Extension: (Legend Of The Golden Mask) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\janlcfemglecoedjapgofmobnokdpaan [2014-05-07]
CHR Extension: (Roomstyler 3D planner) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2014-03-31]
CHR Extension: (City Sights - Hello Seattle!) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jihilfhlglomedabonpgmihgbicgpilk [2014-03-31]
CHR Extension: (Autodesk Homestyler) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-03-31]
CHR Extension: (Cargo Bridge) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-03-31]
CHR Extension: (Meme Generator) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcohkjejibbohjcejckhdnkfceagebc [2014-03-31]
CHR Extension: (Quick Earth) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh [2014-03-31]
CHR Extension: (CanvasDraw) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfimpamngmggpbamfoomdpebdoleghe [2014-03-31]
CHR Extension: (Little Alchemy) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-03-31]
CHR Extension: (Build with Chrome) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2014-03-31]
CHR Extension: (Planner 5D) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2014-03-31]
CHR Extension: (3D Solar System Web) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2014-03-31]
CHR Extension: (Google Play Books) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-03-31]
CHR Extension: (ROBLOX Outfit Saver Extension) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaohnjlgfabcooefhihmafmdcbliakf [2014-03-31]
CHR Extension: (Anatronica - 3D Interactive Anatomy) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalpooddpdnhjicpjgnhaihnnfnmbpee [2014-03-31]
CHR Extension: (Cargo Bridge: Xmas level pack) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk [2014-03-31]
CHR Extension: (BeGone) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (First Person Pacman) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npalfjppngmabdkpnlbibhmahbbkgobm [2014-03-30]
CHR Extension: (Origami Player) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2014-03-31]
CHR Extension: (ArcadeFrontier) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2014-05-25]
CHR Extension: (Bullet Physics NaCl Test) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehkhceingafmkkmbeoempaablkkeal [2014-03-31]
CHR Extension: (Psykopaint) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2014-03-31]
CHR Extension: (Mysteriez!) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\phhpkfchfjfeicikkkajdojpjkapdpnd [2014-03-31]
CHR Extension: (Gmail) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-11]
CHR Extension: (Anatomicus - Human Anatomy Atlas) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgfngehhjplndcgejapgknnjpdgfpag [2014-03-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [513408 2011-03-17] (SEIKO EPSON CORPORATION)
S2 gupdate1ce11e97cd4f97c; C:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-10-31] (Google Inc.)
S3 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S4 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2013-05-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-01] ()
S1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [765736 2013-05-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [368944 2013-05-01] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [174664 2013-05-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-05] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_i386.sys [404256 2011-08-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-05] (Avira GmbH)
S3 ssrangdr; C:\Windows\System32\DRIVERS\ssrangdr.sys [2560 2009-07-13] (SupportSoft Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\gogo\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-10 16:49 - 2014-06-10 16:49 - 00024300 _____ () C:\Users\gogo\Desktop\FRST.txt
2014-06-10 16:49 - 2014-06-10 16:49 - 00000000 ____D () C:\FRST
2014-06-10 16:47 - 2014-06-10 16:47 - 00001295 _____ () C:\Users\gogo\Desktop\checkup.txt
2014-06-10 16:15 - 2014-06-10 16:15 - 01072640 _____ (Farbar) C:\Users\gogo\Desktop\FRST.exe
2014-06-04 22:44 - 2014-06-04 22:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\gogo\Desktop\HijackThis.exe
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\gogo\Documents\ProcAlyzer Dumps
2014-06-02 10:46 - 2014-06-05 22:57 - 00020822 _____ () C:\Users\gogo\Desktop\attach.txt
2014-06-02 10:46 - 2014-06-02 10:46 - 00011087 _____ () C:\Users\gogo\Desktop\dds.txt
2014-06-02 10:44 - 2014-06-02 10:44 - 00006894 _____ () C:\Users\gogo\Desktop\hijackthis.log
2014-06-02 00:48 - 2014-06-02 00:48 - 00688992 ____R (Swearware) C:\Users\gogo\Desktop\dds.scr
2014-06-01 22:08 - 2014-06-02 09:08 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\DropboxMaster
2014-05-23 21:37 - 2014-05-23 22:19 - 00000000 ____D () C:\Program Files\Microsoft Home Publishing 2000
2014-05-16 23:49 - 2014-05-16 23:49 - 00000000 ____D () C:\Users\gogo\AppData\Local\Microsoft Help
 
==================== One Month Modified Files and Folders =======
 
2014-06-10 16:49 - 2014-06-10 16:49 - 00024300 _____ () C:\Users\gogo\Desktop\FRST.txt
2014-06-10 16:49 - 2014-06-10 16:49 - 00000000 ____D () C:\FRST
2014-06-10 16:49 - 2014-01-23 19:51 - 00000000 ____D () C:\Users\gogo\AppData\Local\temp
2014-06-10 16:47 - 2014-06-10 16:47 - 00001295 _____ () C:\Users\gogo\Desktop\checkup.txt
2014-06-10 16:39 - 2009-04-20 05:16 - 00000000 ____D () C:\ProgramData\Temp
2014-06-10 16:37 - 2009-07-31 10:32 - 01936393 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 16:15 - 2014-06-10 16:15 - 01072640 _____ (Farbar) C:\Users\gogo\Desktop\FRST.exe
2014-06-10 16:11 - 2014-01-20 15:47 - 00000000 ____D () C:\Users\gogo\Desktop\Security 2014
2014-06-10 13:09 - 2013-05-13 19:54 - 00000620 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-10 13:09 - 2011-10-31 11:19 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 13:09 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 13:09 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 13:09 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 00:37 - 2006-11-02 06:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-09 23:48 - 2013-05-13 19:52 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-05 22:57 - 2014-06-02 10:46 - 00020822 _____ () C:\Users\gogo\Desktop\attach.txt
2014-06-04 22:45 - 2014-06-04 22:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\gogo\Desktop\HijackThis.exe
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\gogo\Documents\ProcAlyzer Dumps
2014-06-04 01:27 - 2013-05-13 19:54 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-03 00:36 - 2013-05-07 22:30 - 00000000 ____D () C:\Users\gogo\Documents\NoNo
2014-06-02 10:46 - 2014-06-02 10:46 - 00011087 _____ () C:\Users\gogo\Desktop\dds.txt
2014-06-02 10:44 - 2014-06-02 10:44 - 00006894 _____ () C:\Users\gogo\Desktop\hijackthis.log
2014-06-02 09:08 - 2014-06-01 22:08 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\DropboxMaster
2014-06-02 09:08 - 2013-01-20 01:40 - 00000000 ___RD () C:\Users\gogo\Dropbox
2014-06-02 09:08 - 2013-01-20 00:46 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\Dropbox
2014-06-02 00:51 - 2013-04-19 09:50 - 00000000 ____D () C:\Users\gogo\Desktop\Security 2013
2014-06-02 00:48 - 2014-06-02 00:48 - 00688992 ____R (Swearware) C:\Users\gogo\Desktop\dds.scr
2014-06-01 22:16 - 2009-08-28 18:57 - 00146944 _____ () C:\Users\gogo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-01 22:08 - 2013-01-20 01:40 - 00000950 _____ () C:\Users\gogo\Desktop\Dropbox.lnk
2014-06-01 22:08 - 2013-01-20 00:58 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-31 14:15 - 2014-01-23 19:51 - 00000000 ____D () C:\Users\Kids\AppData\Local\temp
2014-05-31 13:48 - 2009-04-20 04:11 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-31 13:47 - 2010-07-21 23:47 - 00000000 ____D () C:\ProgramData\Skype
2014-05-31 13:46 - 2010-07-25 17:09 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Skype
2014-05-31 13:46 - 2010-07-21 23:47 - 00000000 ___RD () C:\Program Files\Skype
2014-05-31 09:40 - 2006-11-02 03:23 - 00000203 _____ () C:\Windows\win.ini
2014-05-31 09:39 - 2011-06-17 14:15 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-05-31 08:57 - 2009-08-27 18:08 - 00078192 _____ () C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-30 01:14 - 2013-05-13 19:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-29 23:29 - 2009-08-19 14:50 - 00078192 _____ () C:\Users\gogo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-29 20:49 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-29 20:48 - 2006-11-02 03:22 - 57933824 _____ () C:\Windows\system32\config\software_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 40108032 _____ () C:\Windows\system32\config\components_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 31719424 _____ () C:\Windows\system32\config\system_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 05242880 _____ () C:\Windows\system32\config\default_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-05-29 20:44 - 2014-05-06 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-29 20:44 - 2014-04-05 23:55 - 00000000 ____D () C:\Program Files\Steam
2014-05-29 20:44 - 2014-04-05 23:55 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-29 20:44 - 2013-10-21 06:13 - 00000000 ____D () C:\ProgramData\Pivot Animator
2014-05-29 20:44 - 2013-10-03 16:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-29 20:44 - 2013-05-13 19:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-29 20:44 - 2013-05-13 19:52 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-29 20:44 - 2011-10-31 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-29 20:44 - 2009-08-27 18:07 - 00000000 ____D () C:\Users\Kids
2014-05-29 20:44 - 2009-08-19 14:46 - 00000000 ____D () C:\Users\gogo
2014-05-29 20:44 - 2009-04-20 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-05-29 20:44 - 2009-04-20 04:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-05-29 20:44 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\spool
2014-05-29 20:43 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\registration
2014-05-28 14:27 - 2014-04-07 13:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-23 22:19 - 2014-05-23 21:37 - 00000000 ____D () C:\Program Files\Microsoft Home Publishing 2000
2014-05-23 22:00 - 2014-01-06 08:52 - 00000000 ____D () C:\Users\gogo\Documents\Gabriel
2014-05-23 21:38 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Help
2014-05-23 21:38 - 2006-11-02 04:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-19 16:29 - 2014-04-30 14:21 - 00000000 ____D () C:\Users\Kids\Desktop\ATL
2014-05-16 23:50 - 2009-04-20 05:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 23:49 - 2014-05-16 23:49 - 00000000 ____D () C:\Users\gogo\AppData\Local\Microsoft Help
2014-05-11 18:38 - 2013-02-02 01:40 - 00000000 ____D () C:\Users\Kids\PSP
 
Files to move or delete:
====================
C:\Users\gogo\jagex_runescape_preferences.dat
C:\Users\gogo\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Users\gogo\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyjy7so.dll
C:\Users\gogo\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-10 13:15
 
==================== End Of Log ============================
------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Have a good night, 
NoNo 


#9 OCD

Posted 15 June 2014 - 12:30 AM

Hi NoNo,

You did not complete the last step with RogueKiller correctly, please run it again.

Re-run RogueKiller

Right click and select "Run as Administrator"

  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan.
  • After the scan has completed click on the Registry tab
  • Make sure all items are selected
  • Wait until the Status box shows "Scan Finished"
  • Click the Delete button
  • Wait until the Status box shows "Deleting Finished"
  • Click the Report button, save the report to your desktop

=========================

The last FRST log you provided is also the wrong one. Please run a fresh scan with FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-06-2014
Ran by gogo (administrator) on GOGO on 10-06-2014 16:49:07

=========================

In your next post please provide the following:

  • RogueKiller log
  • Fresh FRST.txt

OCD



#10 NoNo


Posted 15 June 2014 - 03:00 AM

Hi- Sorry about that. Since I didn't see that I needed to redo them until a little bit ago, I will test out how the computer is running in the morning and let you know then. Here are the logs:

 

RogueKiller-

 RogueKiller V9.0.2.0 [Jun  3 2014] by Adlice Software

 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : gogo [Admin rights]
Mode : Remove -- Date : 06/15/2014  01:38:06
 
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] explorer.exe -- C:\Users\gogo\AppData\Local\Bandizip\bdzshl32.dll[7] -> UNLOADED
 
¤¤¤ Registry Entries : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> DELETED
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Desktop] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> DELETED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> REPLACED (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> REPLACED (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> REPLACED (1)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 123 ¤¤¤
[SSDT:Addr] NtCreateSection[75] : Unknown @ 0x8db24726
[SSDT:Addr] NtRequestWaitReplyPort[276] : Unknown @ 0x8db24730
[SSDT:Addr] NtSetContextThread[289] : Unknown @ 0x8db2472b
[SSDT:Addr] NtSetSecurityObject[314] : Unknown @ 0x8db24735
[SSDT:Addr] NtSystemDebugControl[332] : Unknown @ 0x8db2473a
[SSDT:Addr] NtTerminateProcess[334] : Unknown @ 0x8db246c7
[ShwSSDT:Addr] NtUserSetWindowsHookEx[573] : Unknown @ 0x8db2474e
[ShwSSDT:Addr] NtUserSetWinEventHook[576] : Unknown @ 0x8db24753
[EAT:Addr] (explorer.exe) MSIMG32.dll - UninitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x74beb93f
[EAT:Addr] (explorer.exe) MSIMG32.dll - UnregisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x74bec171
[EAT:Addr] (explorer.exe) MSIMG32.dll - UnregisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x74bec149
[EAT:Addr] (explorer.exe) MSIMG32.dll - UnregisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x74bec2e3
[EAT:Addr] (explorer.exe) MSIMG32.dll - UtilBuildFont : C:\Windows\system32\DUser.dll @ 0x74beb83a
[EAT:Addr] (explorer.exe) MSIMG32.dll - UtilDrawBlendRect : C:\Windows\system32\DUser.dll @ 0x74beb84a
[EAT:Addr] (explorer.exe) MSIMG32.dll - UtilDrawOutlineRect : C:\Windows\system32\DUser.dll @ 0x74beb85a
[EAT:Addr] (explorer.exe) MSIMG32.dll - UtilGetColor : C:\Windows\system32\DUser.dll @ 0x74beb86a
[EAT:Addr] (explorer.exe) MSIMG32.dll - UtilSetBackground : C:\Windows\system32\DUser.dll @ 0x74becd78
[EAT:Addr] (explorer.exe) MSIMG32.dll - WaitMessageEx : C:\Windows\system32\DUser.dll @ 0x74beb7ac
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 ATA Device +++++
--- User ---
[MBR] 9405e584f848ec74f900fa8b4320c9e6
[BSP] 39522565e9bcb1711b03147ba1d55482 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 294058 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 602232832 | Size: 11183 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_06142014_223807.log - RKreport_SCN_06132014_215156.log - RKreport_SCN_06142014_223616.log - RKreport_SCN_06152014_013706.log
 
________________________________________________________________________________________
New FRST-
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-06-2014
Ran by gogo (administrator) on GOGO on 15-06-2014 01:46:19
Running from C:\Users\gogo\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKU\S-1-5-21-90010376-98873278-4205430638-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-90010376-98873278-4205430638-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
GroupPolicyUsers\S-1-5-21-90010376-98873278-4205430638-1001\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=EIE9HP&PC=UP50
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 37 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.10.1.5 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,"");: user_pref("browser.search.order.1,"");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013-06-22]
FF Extension: ColorfulTabs - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(235) [2013-07-30]
FF Extension: YouTube™ Anywhere Player - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a} [2013-06-20]
FF Extension: Feedback - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-05-13]
FF Extension: Adblock Plus - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: hxxp://bing.com/
CHR StartupUrls: "hxxp://www.bing.com/", "hxxp://www.my.msn.com/"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultNewTabURL: 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Roblox Launcher Plugin) - C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ( ROBLOX Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (SOE Web Installer) - C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
CHR Plugin: (Picasa) - C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-03-31]
CHR Extension: (Google Docs) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-11]
CHR Extension: (Google Drive) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-11]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-04-15]
CHR Extension: (Hidden Object Games from Big Fish Games) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimlkohpcpfkjdpcflnekhaecfhmcmnc [2014-03-31]
CHR Extension: (Google Search) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-11]
CHR Extension: (Find your way to Oz) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2014-03-31]
CHR Extension: (Rush Team) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecdnoeebfjlplfkljdedokbcmebojbpb [2014-03-31]
CHR Extension: (Mahjongg) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-03-31]
CHR Extension: (Causality Games) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2014-03-31]
CHR Extension: (Songza) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikbbcifofebbnlfffhdlolcgjnleofo [2014-03-30]
CHR Extension: (Planetarium) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-03-31]
CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj [2014-03-31]
CHR Extension: (iPiccy Photo Editor) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2014-03-31]
CHR Extension: (Legend Of The Golden Mask) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\janlcfemglecoedjapgofmobnokdpaan [2014-05-07]
CHR Extension: (Roomstyler 3D planner) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2014-03-31]
CHR Extension: (City Sights - Hello Seattle!) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jihilfhlglomedabonpgmihgbicgpilk [2014-03-31]
CHR Extension: (Autodesk Homestyler) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-03-31]
CHR Extension: (Cargo Bridge) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-03-31]
CHR Extension: (Meme Generator) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcohkjejibbohjcejckhdnkfceagebc [2014-03-31]
CHR Extension: (Quick Earth) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh [2014-03-31]
CHR Extension: (CanvasDraw) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfimpamngmggpbamfoomdpebdoleghe [2014-03-31]
CHR Extension: (Little Alchemy) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-03-31]
CHR Extension: (Build with Chrome) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2014-03-31]
CHR Extension: (Planner 5D) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2014-03-31]
CHR Extension: (3D Solar System Web) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2014-03-31]
CHR Extension: (Google Play Books) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-03-31]
CHR Extension: (ROBLOX Outfit Saver Extension) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaohnjlgfabcooefhihmafmdcbliakf [2014-03-31]
CHR Extension: (Anatronica - 3D Interactive Anatomy) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalpooddpdnhjicpjgnhaihnnfnmbpee [2014-03-31]
CHR Extension: (Cargo Bridge: Xmas level pack) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk [2014-03-31]
CHR Extension: (BeGone) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (First Person Pacman) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npalfjppngmabdkpnlbibhmahbbkgobm [2014-03-30]
CHR Extension: (Origami Player) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2014-03-31]
CHR Extension: (ArcadeFrontier) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2014-05-25]
CHR Extension: (Bullet Physics NaCl Test) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehkhceingafmkkmbeoempaablkkeal [2014-03-31]
CHR Extension: (Psykopaint) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2014-03-31]
CHR Extension: (Mysteriez!) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\phhpkfchfjfeicikkkajdojpjkapdpnd [2014-03-31]
CHR Extension: (Gmail) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-11]
CHR Extension: (Anatomicus - Human Anatomy Atlas) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgfngehhjplndcgejapgknnjpdgfpag [2014-03-31]
 
========================== Services (Whitelisted) =================
 
S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [513408 2011-03-17] (SEIKO EPSON CORPORATION)
S3 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2013-05-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-01] ()
S1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [765736 2013-05-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [368944 2013-05-01] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [174664 2013-05-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-05] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_i386.sys [404256 2011-08-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-05] (Avira GmbH)
S3 ssrangdr; C:\Windows\System32\DRIVERS\ssrangdr.sys [2560 2009-07-13] (SupportSoft Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-15 01:46 - 2014-06-15 01:46 - 00024167 _____ () C:\Users\gogo\Desktop\FRST.txt
2014-06-15 01:39 - 2014-06-15 01:39 - 00015595 _____ () C:\Users\gogo\Desktop\RKreport_DEL_06152014_013806.log
2014-06-13 22:06 - 2014-06-13 22:06 - 00001278 _____ () C:\Users\gogo\Desktop\AdwCleaner[R1].txt
2014-06-13 21:53 - 2014-06-13 21:53 - 00003779 _____ () C:\Users\gogo\Desktop\RKreport_SCN_06132014_215156.log
2014-06-13 21:48 - 2014-06-15 01:34 - 00000000 ____D () C:\Users\gogo\AppData\Local\CrashDumps
2014-06-13 21:45 - 2014-06-15 01:33 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-13 21:45 - 2014-06-13 21:45 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-11 11:13 - 2014-06-11 11:13 - 01333465 _____ () C:\Users\gogo\Desktop\AdwCleaner.exe
2014-06-11 11:12 - 2014-06-11 11:12 - 04686336 _____ () C:\Users\gogo\Desktop\RogueKiller.exe
2014-06-10 18:01 - 2014-06-10 18:01 - 00000545 _____ () C:\Users\gogo\Desktop\MBR.zip
2014-06-10 17:58 - 2014-06-10 17:58 - 00001856 _____ () C:\Users\gogo\Desktop\aswMBR.txt
2014-06-10 17:58 - 2014-06-10 17:58 - 00000512 _____ () C:\Users\gogo\Desktop\MBR.dat
2014-06-10 16:49 - 2014-06-15 01:46 - 00000000 ____D () C:\FRST
2014-06-10 16:49 - 2014-06-10 16:54 - 00042406 _____ () C:\Users\gogo\Desktop\Addition.txt
2014-06-10 16:47 - 2014-06-10 16:47 - 00001295 _____ () C:\Users\gogo\Desktop\checkup.txt
2014-06-10 16:15 - 2014-06-10 16:15 - 01072640 _____ (Farbar) C:\Users\gogo\Desktop\FRST.exe
2014-06-04 22:44 - 2014-06-04 22:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\gogo\Desktop\HijackThis.exe
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\gogo\Documents\ProcAlyzer Dumps
2014-06-02 10:46 - 2014-06-05 22:57 - 00020822 _____ () C:\Users\gogo\Desktop\attach.txt
2014-06-02 10:46 - 2014-06-02 10:46 - 00011087 _____ () C:\Users\gogo\Desktop\dds.txt
2014-06-02 10:44 - 2014-06-02 10:44 - 00006894 _____ () C:\Users\gogo\Desktop\hijackthis.log
2014-06-02 00:48 - 2014-06-02 00:48 - 00688992 ____R (Swearware) C:\Users\gogo\Desktop\dds.scr
2014-06-01 22:08 - 2014-06-02 09:08 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\DropboxMaster
2014-05-23 21:37 - 2014-05-23 22:19 - 00000000 ____D () C:\Program Files\Microsoft Home Publishing 2000
2014-05-16 23:49 - 2014-05-16 23:49 - 00000000 ____D () C:\Users\gogo\AppData\Local\Microsoft Help
 
==================== One Month Modified Files and Folders =======
 
2014-06-15 01:46 - 2014-06-15 01:46 - 00024167 _____ () C:\Users\gogo\Desktop\FRST.txt
2014-06-15 01:46 - 2014-06-10 16:49 - 00000000 ____D () C:\FRST
2014-06-15 01:46 - 2014-01-23 19:51 - 00000000 ____D () C:\Users\gogo\AppData\Local\temp
2014-06-15 01:44 - 2013-05-13 19:54 - 00000620 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-15 01:44 - 2011-10-31 11:19 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-15 01:44 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-15 01:44 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 01:44 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-15 01:43 - 2009-07-31 10:32 - 02036878 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 01:43 - 2006-11-02 06:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-15 01:39 - 2014-06-15 01:39 - 00015595 _____ () C:\Users\gogo\Desktop\RKreport_DEL_06152014_013806.log
2014-06-15 01:34 - 2014-06-13 21:48 - 00000000 ____D () C:\Users\gogo\AppData\Local\CrashDumps
2014-06-15 01:33 - 2014-06-13 21:45 - 00026624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-13 22:06 - 2014-06-13 22:06 - 00001278 _____ () C:\Users\gogo\Desktop\AdwCleaner[R1].txt
2014-06-13 21:57 - 2014-01-08 08:51 - 00000000 ____D () C:\AdwCleaner
2014-06-13 21:53 - 2014-06-13 21:53 - 00003779 _____ () C:\Users\gogo\Desktop\RKreport_SCN_06132014_215156.log
2014-06-13 21:45 - 2014-06-13 21:45 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-12 22:44 - 2010-03-08 17:16 - 00000000 ____D () C:\Users\gogo\Downloads\Picasa3
2014-06-12 22:44 - 2009-08-28 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-12 22:30 - 2009-08-28 18:57 - 00150016 _____ () C:\Users\gogo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-12 22:23 - 2006-11-02 03:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 00:00 - 2014-01-10 00:01 - 00000879 _____ () C:\Users\gogo\Desktop\Internet Explorer.lnk
2014-06-11 11:13 - 2014-06-11 11:13 - 01333465 _____ () C:\Users\gogo\Desktop\AdwCleaner.exe
2014-06-11 11:12 - 2014-06-11 11:12 - 04686336 _____ () C:\Users\gogo\Desktop\RogueKiller.exe
2014-06-11 09:31 - 2014-02-01 02:54 - 00000000 ____D () C:\Users\gogo\Documents\Accounts
2014-06-11 09:23 - 2014-04-30 13:25 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATLauncher
2014-06-11 09:23 - 2011-12-24 22:50 - 00005496 ___SH () C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2
2014-06-11 09:23 - 2011-11-28 17:36 - 00000000 ____D () C:\Users\Kids\Documents\Noelle
2014-06-11 09:11 - 2010-01-30 12:20 - 00000000 ____D () C:\Users\gogo\Documents\Office Depot
2014-06-11 00:55 - 2013-05-13 19:54 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-10 22:35 - 2014-01-20 15:47 - 00000000 ____D () C:\Users\gogo\Desktop\Security 2014
2014-06-10 22:34 - 2013-05-07 22:30 - 00000000 ____D () C:\Users\gogo\Documents\NoNo
2014-06-10 22:30 - 2010-04-17 15:53 - 00000000 ____D () C:\Users\gogo\Documents\Geneology Files
2014-06-10 18:01 - 2014-06-10 18:01 - 00000545 _____ () C:\Users\gogo\Desktop\MBR.zip
2014-06-10 17:58 - 2014-06-10 17:58 - 00001856 _____ () C:\Users\gogo\Desktop\aswMBR.txt
2014-06-10 17:58 - 2014-06-10 17:58 - 00000512 _____ () C:\Users\gogo\Desktop\MBR.dat
2014-06-10 16:54 - 2014-06-10 16:49 - 00042406 _____ () C:\Users\gogo\Desktop\Addition.txt
2014-06-10 16:47 - 2014-06-10 16:47 - 00001295 _____ () C:\Users\gogo\Desktop\checkup.txt
2014-06-10 16:39 - 2009-04-20 05:16 - 00000000 ____D () C:\ProgramData\Temp
2014-06-10 16:15 - 2014-06-10 16:15 - 01072640 _____ (Farbar) C:\Users\gogo\Desktop\FRST.exe
2014-06-09 23:48 - 2013-05-13 19:52 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-05 22:57 - 2014-06-02 10:46 - 00020822 _____ () C:\Users\gogo\Desktop\attach.txt
2014-06-04 22:45 - 2014-06-04 22:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\gogo\Desktop\HijackThis.exe
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\gogo\Documents\ProcAlyzer Dumps
2014-06-02 10:46 - 2014-06-02 10:46 - 00011087 _____ () C:\Users\gogo\Desktop\dds.txt
2014-06-02 10:44 - 2014-06-02 10:44 - 00006894 _____ () C:\Users\gogo\Desktop\hijackthis.log
2014-06-02 09:08 - 2014-06-01 22:08 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\DropboxMaster
2014-06-02 09:08 - 2013-01-20 01:40 - 00000000 ___RD () C:\Users\gogo\Dropbox
2014-06-02 09:08 - 2013-01-20 00:46 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\Dropbox
2014-06-02 00:51 - 2013-04-19 09:50 - 00000000 ____D () C:\Users\gogo\Desktop\Security 2013
2014-06-02 00:48 - 2014-06-02 00:48 - 00688992 ____R (Swearware) C:\Users\gogo\Desktop\dds.scr
2014-06-01 22:08 - 2013-01-20 01:40 - 00000950 _____ () C:\Users\gogo\Desktop\Dropbox.lnk
2014-06-01 22:08 - 2013-01-20 00:58 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-31 14:15 - 2014-01-23 19:51 - 00000000 ____D () C:\Users\Kids\AppData\Local\temp
2014-05-31 13:48 - 2009-04-20 04:11 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-31 13:47 - 2010-07-21 23:47 - 00000000 ____D () C:\ProgramData\Skype
2014-05-31 13:46 - 2010-07-25 17:09 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Skype
2014-05-31 13:46 - 2010-07-21 23:47 - 00000000 ___RD () C:\Program Files\Skype
2014-05-31 09:40 - 2006-11-02 03:23 - 00000203 _____ () C:\Windows\win.ini
2014-05-31 09:39 - 2011-06-17 14:15 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-05-31 08:57 - 2009-08-27 18:08 - 00078192 _____ () C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-30 01:14 - 2013-05-13 19:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-29 23:29 - 2009-08-19 14:50 - 00078192 _____ () C:\Users\gogo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-29 20:49 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-29 20:48 - 2006-11-02 03:22 - 57933824 _____ () C:\Windows\system32\config\software_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 40108032 _____ () C:\Windows\system32\config\components_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 31719424 _____ () C:\Windows\system32\config\system_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 05242880 _____ () C:\Windows\system32\config\default_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-05-29 20:44 - 2014-05-06 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-29 20:44 - 2014-04-05 23:55 - 00000000 ____D () C:\Program Files\Steam
2014-05-29 20:44 - 2014-04-05 23:55 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-29 20:44 - 2013-10-21 06:13 - 00000000 ____D () C:\ProgramData\Pivot Animator
2014-05-29 20:44 - 2013-10-03 16:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-29 20:44 - 2013-05-13 19:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-29 20:44 - 2013-05-13 19:52 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-29 20:44 - 2011-10-31 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-29 20:44 - 2009-08-27 18:07 - 00000000 ____D () C:\Users\Kids
2014-05-29 20:44 - 2009-08-19 14:46 - 00000000 ____D () C:\Users\gogo
2014-05-29 20:44 - 2009-04-20 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-05-29 20:44 - 2009-04-20 04:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-05-29 20:44 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\spool
2014-05-29 20:43 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\registration
2014-05-28 14:27 - 2014-04-07 13:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-23 22:19 - 2014-05-23 21:37 - 00000000 ____D () C:\Program Files\Microsoft Home Publishing 2000
2014-05-23 22:00 - 2014-01-06 08:52 - 00000000 ____D () C:\Users\gogo\Documents\Gabriel
2014-05-23 21:38 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Help
2014-05-23 21:38 - 2006-11-02 04:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-19 16:29 - 2014-04-30 14:21 - 00000000 ____D () C:\Users\Kids\Desktop\ATL
2014-05-16 23:50 - 2009-04-20 05:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 23:49 - 2014-05-16 23:49 - 00000000 ____D () C:\Users\gogo\AppData\Local\Microsoft Help
 
Files to move or delete:
====================
C:\Users\gogo\jagex_runescape_preferences.dat
C:\Users\gogo\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Users\gogo\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyjy7so.dll
C:\Users\gogo\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-14 22:48
 
==================== End Of Log ============================
 



#11 NoNo


Posted 16 June 2014 - 01:04 AM

Hi- ok so the computer seems to be running ok.
I was on Chrome and it worked fine with no shutdowns. IE ran fine when I ran with no add-ons. But when I started it normally, the main page (www.msn.com/?ocid=EIE9HP+PC=UP50) would not load at all. I opened another tab to search on Bing and it loaded quickly. I searched and the search results loaded quickly. Then a box on the bottom of the page said bing.com is not responding with an option to 'recover webpage'. I clicked it, it reloaded, froze, and the whole process would repeat. I tried another site with the same results.
My son went on one of his games (Roblox) which runs on Chrome and played for awhile. It worked fine with no shutdowns like it was doing before (Chrome would shut down his game).
I'll wait for your next instructions.
Goodnight,
NoNo

#12 OCD


Posted 16 June 2014 - 08:46 AM

Hi NoNo,

Reset Homepage in Internet Explorer

Open Internet Explorer > Tools > Internet Options > General.

You have two options:
  • One is to set homepage as a blank page.
  • The other is to set a certain website as the homepage. ( www.msn.com )
  • Then click OK to save the change.
=========================

Clear Browser Cache in IE9
  • Close all Internet Explorer and Windows Explorer windows that are currently open.
  • Open Internet Explorer.
  • Click the Tools button, and then expand the Safety menu, then select Delete browsing history.
  • Select the check box next to each of the following categories.
    • Temporary Internet files and website files
    • History
  • Click Delete
=========================

Reboot and test

=========================

If that did not resolve the issue, please continue.

=========================

Manage Add-Ons in Internet Explorer
  • Locate the Tools button in the upper right-hand corner of the Internet Explorer browser window.
  • Left click, then choose Manage add-ons > Toolbars and Extensions
  • Disable all add-ons. Close and reboot again.
=========================

Test Internet Explorer with No add-ons running. If everything runs smoothly, enable the add-ons one at a time to try and isolate the one causing the issue.

=========================

Report back with your findings.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#13 NoNo


Posted 16 June 2014 - 08:37 PM

Hi- Ok I did the above and the problem is Shockwave Flash Object 11.7.700.169. I've left them all disabled for now. Which ones should I have enabled, including Microsoft add-ons? We can cover that later if u want to.

-NoNo



#14 OCD


Posted 16 June 2014 - 09:07 PM

Hi NoNo,
 

the problem is Shockwave Flash Object 11.7.700.169. I've left them all disabled for now. Which ones should I have enabled, including Microsoft add-ons?


It's your choice which add-ons you re-enable.

=========================

In your original post you stated Windows Updates was not working. Please check and see if you are able to get the current updates available.

Windows Update
  • Open Windows Update by clicking the Start button. In the search box, type Update, and then, in the list of results, click Windows Update.
  • In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
  • If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install.
  • Click Install updates.
  • Read and accept the license terms, and then click Finish if the update requires it. Administrator permission required: If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
=========================

How is the computer running?
OCD



#15 NoNo


Posted 17 June 2014 - 01:03 AM

Hi - I checked for updates, after about 5 sec a message pops up saying, "Windows can't update important files and services while windows is using them. Save any open files and restart the computer, and then try to check for new updates". There is an option to restart computer. After rebooting the whole thing repeats.

