17:08:14.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:08:14.468 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OCA0G Size: 305245MB BusType: 3
17:08:14.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294058 MB offset 2048
17:08:14.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11183 MB offset 602232832
17:09:06.011 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
17:09:06.026 3 CLASSPNP.SYS[832068b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866acb98]
17:58:27.889 Disk 0 MBR has been saved successfully to "C:\Users\gogo\Desktop\MBR.dat"
17:58:27.889 The log file has been saved successfully to "C:\Users\gogo\Desktop\aswMBR.txt"
-------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-06-2014
Ran by gogo (administrator) on GOGO on 10-06-2014 16:49:07
Running from C:\Users\gogo\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKU\S-1-5-21-90010376-98873278-4205430638-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-90010376-98873278-4205430638-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
GroupPolicyUsers\S-1-5-21-90010376-98873278-4205430638-1001\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 37 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.10.1.5 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,"");: user_pref("browser.search.order.1,"");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013-06-22]
FF Extension: ColorfulTabs - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(235) [2013-07-30]
FF Extension: YouTube™ Anywhere Player - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a} [2013-06-20]
FF Extension: Feedback - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-05-13]
FF Extension: Adblock Plus - C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
Chrome:
=======
CHR HomePage: hxxp://bing.com/
CHR StartupUrls: "hxxp://www.bing.com/", "hxxp://www.my.msn.com/"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultNewTabURL:
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Roblox Launcher Plugin) - C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ( ROBLOX Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (SOE Web Installer) - C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
CHR Plugin: (Picasa) - C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-03-31]
CHR Extension: (Google Docs) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-11]
CHR Extension: (Google Drive) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-11]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-04-15]
CHR Extension: (Hidden Object Games from Big Fish Games) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimlkohpcpfkjdpcflnekhaecfhmcmnc [2014-03-31]
CHR Extension: (Google Search) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-11]
CHR Extension: (Find your way to Oz) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2014-03-31]
CHR Extension: (Rush Team) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecdnoeebfjlplfkljdedokbcmebojbpb [2014-03-31]
CHR Extension: (Mahjongg) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-03-31]
CHR Extension: (Causality Games) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2014-03-31]
CHR Extension: (Songza) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikbbcifofebbnlfffhdlolcgjnleofo [2014-03-30]
CHR Extension: (Planetarium) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-03-31]
CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj [2014-03-31]
CHR Extension: (iPiccy Photo Editor) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2014-03-31]
CHR Extension: (Legend Of The Golden Mask) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\janlcfemglecoedjapgofmobnokdpaan [2014-05-07]
CHR Extension: (Roomstyler 3D planner) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2014-03-31]
CHR Extension: (City Sights - Hello Seattle!) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jihilfhlglomedabonpgmihgbicgpilk [2014-03-31]
CHR Extension: (Autodesk Homestyler) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-03-31]
CHR Extension: (Cargo Bridge) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-03-31]
CHR Extension: (Meme Generator) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcohkjejibbohjcejckhdnkfceagebc [2014-03-31]
CHR Extension: (Quick Earth) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh [2014-03-31]
CHR Extension: (CanvasDraw) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfimpamngmggpbamfoomdpebdoleghe [2014-03-31]
CHR Extension: (Little Alchemy) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-03-31]
CHR Extension: (Build with Chrome) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2014-03-31]
CHR Extension: (Planner 5D) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2014-03-31]
CHR Extension: (3D Solar System Web) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2014-03-31]
CHR Extension: (Google Play Books) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-03-31]
CHR Extension: (ROBLOX Outfit Saver Extension) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaohnjlgfabcooefhihmafmdcbliakf [2014-03-31]
CHR Extension: (Anatronica - 3D Interactive Anatomy) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalpooddpdnhjicpjgnhaihnnfnmbpee [2014-03-31]
CHR Extension: (Cargo Bridge: Xmas level pack) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk [2014-03-31]
CHR Extension: (BeGone) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (First Person Pacman) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npalfjppngmabdkpnlbibhmahbbkgobm [2014-03-30]
CHR Extension: (Origami Player) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2014-03-31]
CHR Extension: (ArcadeFrontier) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2014-05-25]
CHR Extension: (Bullet Physics NaCl Test) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehkhceingafmkkmbeoempaablkkeal [2014-03-31]
CHR Extension: (Psykopaint) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2014-03-31]
CHR Extension: (Mysteriez!) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\phhpkfchfjfeicikkkajdojpjkapdpnd [2014-03-31]
CHR Extension: (Gmail) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-11]
CHR Extension: (Anatomicus - Human Anatomy Atlas) - C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgfngehhjplndcgejapgknnjpdgfpag [2014-03-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [513408 2011-03-17] (SEIKO EPSON CORPORATION)
S2 gupdate1ce11e97cd4f97c; C:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-10-31] (Google Inc.)
S3 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S4 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [X]
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2013-05-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-01] ()
S1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [765736 2013-05-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [368944 2013-05-01] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [174664 2013-05-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-05] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_i386.sys [404256 2011-08-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-05] (Avira GmbH)
S3 ssrangdr; C:\Windows\System32\DRIVERS\ssrangdr.sys [2560 2009-07-13] (SupportSoft Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\gogo\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-10 16:49 - 2014-06-10 16:49 - 00024300 _____ () C:\Users\gogo\Desktop\FRST.txt
2014-06-10 16:49 - 2014-06-10 16:49 - 00000000 ____D () C:\FRST
2014-06-10 16:47 - 2014-06-10 16:47 - 00001295 _____ () C:\Users\gogo\Desktop\checkup.txt
2014-06-10 16:15 - 2014-06-10 16:15 - 01072640 _____ (Farbar) C:\Users\gogo\Desktop\FRST.exe
2014-06-04 22:44 - 2014-06-04 22:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\gogo\Desktop\HijackThis.exe
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\gogo\Documents\ProcAlyzer Dumps
2014-06-02 10:46 - 2014-06-05 22:57 - 00020822 _____ () C:\Users\gogo\Desktop\attach.txt
2014-06-02 10:46 - 2014-06-02 10:46 - 00011087 _____ () C:\Users\gogo\Desktop\dds.txt
2014-06-02 10:44 - 2014-06-02 10:44 - 00006894 _____ () C:\Users\gogo\Desktop\hijackthis.log
2014-06-02 00:48 - 2014-06-02 00:48 - 00688992 ____R (Swearware) C:\Users\gogo\Desktop\dds.scr
2014-06-01 22:08 - 2014-06-02 09:08 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\DropboxMaster
2014-05-23 21:37 - 2014-05-23 22:19 - 00000000 ____D () C:\Program Files\Microsoft Home Publishing 2000
2014-05-16 23:49 - 2014-05-16 23:49 - 00000000 ____D () C:\Users\gogo\AppData\Local\Microsoft Help
==================== One Month Modified Files and Folders =======
2014-06-10 16:49 - 2014-06-10 16:49 - 00024300 _____ () C:\Users\gogo\Desktop\FRST.txt
2014-06-10 16:49 - 2014-06-10 16:49 - 00000000 ____D () C:\FRST
2014-06-10 16:49 - 2014-01-23 19:51 - 00000000 ____D () C:\Users\gogo\AppData\Local\temp
2014-06-10 16:47 - 2014-06-10 16:47 - 00001295 _____ () C:\Users\gogo\Desktop\checkup.txt
2014-06-10 16:39 - 2009-04-20 05:16 - 00000000 ____D () C:\ProgramData\Temp
2014-06-10 16:37 - 2009-07-31 10:32 - 01936393 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 16:15 - 2014-06-10 16:15 - 01072640 _____ (Farbar) C:\Users\gogo\Desktop\FRST.exe
2014-06-10 16:11 - 2014-01-20 15:47 - 00000000 ____D () C:\Users\gogo\Desktop\Security 2014
2014-06-10 13:09 - 2013-05-13 19:54 - 00000620 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-10 13:09 - 2011-10-31 11:19 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 13:09 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 13:09 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 13:09 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 00:37 - 2006-11-02 06:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-09 23:48 - 2013-05-13 19:52 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-06-05 22:57 - 2014-06-02 10:46 - 00020822 _____ () C:\Users\gogo\Desktop\attach.txt
2014-06-04 22:45 - 2014-06-04 22:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\gogo\Desktop\HijackThis.exe
2014-06-04 22:14 - 2014-06-04 22:14 - 00000000 ____D () C:\Users\gogo\Documents\ProcAlyzer Dumps
2014-06-04 01:27 - 2013-05-13 19:54 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-03 00:36 - 2013-05-07 22:30 - 00000000 ____D () C:\Users\gogo\Documents\NoNo
2014-06-02 10:46 - 2014-06-02 10:46 - 00011087 _____ () C:\Users\gogo\Desktop\dds.txt
2014-06-02 10:44 - 2014-06-02 10:44 - 00006894 _____ () C:\Users\gogo\Desktop\hijackthis.log
2014-06-02 09:08 - 2014-06-01 22:08 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\DropboxMaster
2014-06-02 09:08 - 2013-01-20 01:40 - 00000000 ___RD () C:\Users\gogo\Dropbox
2014-06-02 09:08 - 2013-01-20 00:46 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\Dropbox
2014-06-02 00:51 - 2013-04-19 09:50 - 00000000 ____D () C:\Users\gogo\Desktop\Security 2013
2014-06-02 00:48 - 2014-06-02 00:48 - 00688992 ____R (Swearware) C:\Users\gogo\Desktop\dds.scr
2014-06-01 22:16 - 2009-08-28 18:57 - 00146944 _____ () C:\Users\gogo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-01 22:08 - 2013-01-20 01:40 - 00000950 _____ () C:\Users\gogo\Desktop\Dropbox.lnk
2014-06-01 22:08 - 2013-01-20 00:58 - 00000000 ____D () C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-31 14:15 - 2014-01-23 19:51 - 00000000 ____D () C:\Users\Kids\AppData\Local\temp
2014-05-31 13:48 - 2009-04-20 04:11 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-31 13:47 - 2010-07-21 23:47 - 00000000 ____D () C:\ProgramData\Skype
2014-05-31 13:46 - 2010-07-25 17:09 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Skype
2014-05-31 13:46 - 2010-07-21 23:47 - 00000000 ___RD () C:\Program Files\Skype
2014-05-31 09:40 - 2006-11-02 03:23 - 00000203 _____ () C:\Windows\win.ini
2014-05-31 09:39 - 2011-06-17 14:15 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-05-31 08:57 - 2009-08-27 18:08 - 00078192 _____ () C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-30 01:14 - 2013-05-13 19:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-29 23:29 - 2009-08-19 14:50 - 00078192 _____ () C:\Users\gogo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-29 20:49 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-29 20:48 - 2006-11-02 03:22 - 57933824 _____ () C:\Windows\system32\config\software_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 40108032 _____ () C:\Windows\system32\config\components_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 31719424 _____ () C:\Windows\system32\config\system_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 05242880 _____ () C:\Windows\system32\config\default_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-05-29 20:48 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-05-29 20:44 - 2014-05-06 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-29 20:44 - 2014-04-05 23:55 - 00000000 ____D () C:\Program Files\Steam
2014-05-29 20:44 - 2014-04-05 23:55 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-29 20:44 - 2013-10-21 06:13 - 00000000 ____D () C:\ProgramData\Pivot Animator
2014-05-29 20:44 - 2013-10-03 16:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-29 20:44 - 2013-05-13 19:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-29 20:44 - 2013-05-13 19:52 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-29 20:44 - 2011-10-31 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-29 20:44 - 2009-08-27 18:07 - 00000000 ____D () C:\Users\Kids
2014-05-29 20:44 - 2009-08-19 14:46 - 00000000 ____D () C:\Users\gogo
2014-05-29 20:44 - 2009-04-20 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-05-29 20:44 - 2009-04-20 04:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-05-29 20:44 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\spool
2014-05-29 20:43 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\registration
2014-05-28 14:27 - 2014-04-07 13:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-23 22:19 - 2014-05-23 21:37 - 00000000 ____D () C:\Program Files\Microsoft Home Publishing 2000
2014-05-23 22:00 - 2014-01-06 08:52 - 00000000 ____D () C:\Users\gogo\Documents\Gabriel
2014-05-23 21:38 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Help
2014-05-23 21:38 - 2006-11-02 04:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-19 16:29 - 2014-04-30 14:21 - 00000000 ____D () C:\Users\Kids\Desktop\ATL
2014-05-16 23:50 - 2009-04-20 05:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 23:49 - 2014-05-16 23:49 - 00000000 ____D () C:\Users\gogo\AppData\Local\Microsoft Help
2014-05-11 18:38 - 2013-02-02 01:40 - 00000000 ____D () C:\Users\Kids\PSP
Files to move or delete:
====================
C:\Users\gogo\jagex_runescape_preferences.dat
C:\Users\gogo\jagex_runescape_preferences2.dat
Some content of TEMP:
====================
C:\Users\gogo\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyjy7so.dll
C:\Users\gogo\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-10 13:15
==================== End Of Log ============================
----------------------------------------------------------------------------------------------------------------
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-06-2014
Ran by gogo at 2014-06-10 16:49:47
Running from C:\Users\gogo\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 7.7 - Atheros)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
Bandizip (HKCU\...\Bandizip) (Version: 3.09 - Bandisoft.com)
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2203 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3618 - CyberLink Corp.)
CyberLink PhotoDirector 3 (Version: 3.0.3618 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2328 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2328 - CyberLink Corp.) Hidden
DFX (HKLM\...\DFX) (Version: 10.137.0.0 - Power Technology)
Don't Starve (HKLM\...\Steam App 219740) (Version: - Klei Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EPSON Artisan 730 Series Printer Uninstall (HKLM\...\EPSON Artisan 730 Series) (Version: - SEIKO EPSON Corporation)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - )
FUJIFILM MyFinePix Studio 2.0 (HKLM\...\FinePix Genie_is1) (Version: - )
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
Goat Simulator (HKLM\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{38058455-8C21-4C2F-B2F6-14ED166039CB}) (Version: 1.1.1983.2818 - Hewlett-Packard Company)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.7 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
Instant Housecall Remote Support (HKLM\...\Instant Housecall) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}) (Version: 9.0.2.25 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
LightScribe System Software 1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
LTCM Client (HKLM\...\LTCM Client) (Version: - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0219.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.219.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Origin (HKLM\...\Origin) (Version: 8.3.7.3619 - Electronic Arts, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pirate101 (HKLM\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Pivot Animator version 4.1.10 (HKLM\...\Pivot Animator_is1) (Version: 4.1.10 - Motus Software Ltd)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAF (HKLM\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
ROBLOX Player (HKLM\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 (HKLM\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Starbound (HKLM\...\Steam App 211820) (Version: - )
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.18 - Tweaking.com)
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2836940) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
==================== Restore Points =========================
23-05-2014 22:47:58 Windows Update
24-05-2014 04:34:09 Installed Microsoft Home Publishing 2000
24-05-2014 06:03:17 Removed Java 7 Update 55
24-05-2014 18:23:02 Scheduled Checkpoint
25-05-2014 07:00:14 Scheduled Checkpoint
26-05-2014 02:08:57 Scheduled Checkpoint
27-05-2014 00:49:27 Windows Update
28-05-2014 00:16:53 Scheduled Checkpoint
28-05-2014 16:47:52 Scheduled Checkpoint
29-05-2014 07:00:07 Scheduled Checkpoint
30-05-2014 03:37:08 Restore Operation
30-05-2014 07:11:16 Windows Update
31-05-2014 05:08:33 Scheduled Checkpoint
31-05-2014 20:46:05 Removed Skype™ 5.10
31-05-2014 20:48:10 Removed The Sims 3
02-06-2014 05:27:33 Scheduled Checkpoint
03-06-2014 05:25:16 Scheduled Checkpoint
03-06-2014 05:34:46 Windows Update
04-06-2014 02:59:56 Scheduled Checkpoint
05-06-2014 03:58:46 Scheduled Checkpoint
06-06-2014 05:01:50 Scheduled Checkpoint
07-06-2014 05:07:34 Windows Update
07-06-2014 19:18:55 Scheduled Checkpoint
08-06-2014 23:54:06 Scheduled Checkpoint
09-06-2014 21:21:07 Scheduled Checkpoint
10-06-2014 20:41:44 Scheduled Checkpoint
10-06-2014 23:00:03 Windows Update
==================== Hosts content: ==========================
2006-11-02 03:23 - 2014-04-16 01:08 - 00449906 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {0990F3C9-C12F-4225-8A4E-2FA726BF1259} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {0D45B17E-3939-4126-9273-95C41DD3E7CF} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {176B70BC-F8C2-4E88-BEBA-2AA3056A0B97} - System32\Tasks\HPCeeScheduleForKids => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {24455800-B29E-44FB-A6AF-F87CE78DD7BC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-90010376-98873278-4205430638-1000UA => C:\Users\gogo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {384912DF-AAE1-47D0-8F07-6995AF9B14F6} - System32\Tasks\{73C66FC9-E3CE-4661-9DB8-C78E1EF8337B} => C:\Program Files\Skype\Phone\Skype.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {50155478-1807-40AC-BCB8-111A524C1489} - System32\Tasks\Microsoft\Windows\RestartManager\{0FE6708B-B25F-4093-A506-2493531C679D} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {5CF98E48-AE84-4D56-B92A-083F14F7CF58} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {5E58B69B-DB70-4D30-A63D-3E570D197FE7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Daisy => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {65D462A7-C925-4A93-B7CC-649E14787B51} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7A70FABD-76D4-4F20-8997-0E33742D73BC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A61A20C2-0B08-4205-9672-B0296FF919F7} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {AD808393-9B14-433D-8AF7-139331640C88} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-90010376-98873278-4205430638-1000Core => C:\Users\gogo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {AF85EB61-8126-4A96-A81B-E2B57DCEB0AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-30] (Adobe Systems Incorporated)
Task: {C2EDF72F-2EBC-4F15-9BD4-D558A6DB1396} - System32\Tasks\FileCure Default => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: {C9AA6220-D059-48E1-A322-4596DF3CABDF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-31] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EAB1E20C-69E1-43C6-B9F1-2AB8231FA0F2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {FC405E91-4863-4ADE-9B53-B3D791FFC9AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-31] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKids.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
==================== Loaded Modules (whitelisted) =============
2009-04-20 05:31 - 2008-10-06 09:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-20 05:31 - 2008-10-06 09:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2013-05-13 19:54 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-05-13 19:54 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-05-13 19:54 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-05-13 19:54 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-05-13 19:54 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:7757A6D4
AlternateDataStreams: C:\ProgramData\Temp:AA6C7C38
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk => C:\Windows\pss\DFX.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^gogo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^gogo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: LTCM Client => C:\Program Files\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/08/2014 07:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x03cf0fef,
process id 0xd54, application start time 0xExplorer.EXE0.
Error: (06/04/2014 10:32:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDTools.exe version 2.0.12.150 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 148c
Start Time: 01cf807ce70f3fbd
Termination Time: 9
Error: (06/02/2014 11:06:46 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (06/02/2014 11:06:46 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
Error: (05/31/2014 02:07:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16502 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1160
Start Time: 01cf7d142de74a36
Termination Time: 16
Error: (05/31/2014 02:06:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16502 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c88
Start Time: 01cf7d12d16aac86
Termination Time: 16
Error: (05/31/2014 09:46:42 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KIDS\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZLQ0FZ3Q\ASSET[1]> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (05/31/2014 09:45:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 35.0.1916.114, time stamp 0x53726019, faulting module chrome.dll, version 35.0.1916.114, time stamp 0x53725d18, exception code 0x80000003, fault offset 0x004761eb,
process id 0x1080, application start time 0xchrome.exe0.
Error: (05/31/2014 09:39:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 35.0.1916.114, time stamp 0x53726019, faulting module chrome.dll, version 35.0.1916.114, time stamp 0x53725d18, exception code 0xc0000005, fault offset 0x00728bc8,
process id 0x113c, application start time 0xchrome.exe0.
Error: (05/31/2014 09:39:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 35.0.1916.114, time stamp 0x53726019, faulting module chrome.dll, version 35.0.1916.114, time stamp 0x53725d18, exception code 0x80000003, fault offset 0x004761eb,
process id 0x113c, application start time 0xchrome.exe0.
System errors:
=============
Error: (06/10/2014 01:19:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.175.1689.0
Update Source: %NT AUTHORITY59
Update Stage: 4.3.0219.00
Source Path: 4.3.0219.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (06/10/2014 01:10:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (06/10/2014 01:10:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Error: (06/10/2014 01:09:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: aswSnx
Error: (06/10/2014 01:09:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058
Error: (06/10/2014 01:09:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/10/2014 01:09:15 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147549183
Error: (06/09/2014 10:24:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000stisvc
Error: (06/09/2014 08:38:47 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.175.1689.0
Update Source: %NT AUTHORITY59
Update Stage: 4.3.0219.00
Source Path: 4.3.0219.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (06/09/2014 01:50:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-03-30 02:58:26.284
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-30 02:58:25.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-04 02:21:24.985
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-04 02:21:24.746
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-04 02:19:45.851
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-04 02:19:45.619
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-04 02:19:25.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-04 02:19:25.299
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-04 02:15:07.336
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-03-04 02:15:07.111
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\DFX\Universal\Dlls\dfxForWmp.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 48%
Total physical RAM: 3002.45 MB
Available physical RAM: 1534.05 MB
Total Pagefile: 6233.14 MB
Available Pagefile: 5133.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.42 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:287.17 GB) (Free:144.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 33957100)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
==================== End Of Log ============================
--------------------------------------------------------------------------------------------------------------------