Inactive Chris Toft

[Chris Toft]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2015 02
Ran by youth (administrator) on YOUTH-PC on 23-04-2015 20:25:58
Running from C:\Users\youth\Desktop
Loaded Profiles: youth (Available profiles: youth)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\youth\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(My Weather) C:\Program Files\desktop weather\desktopweather_2456554.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Akamai Technologies, Inc.) C:\Users\youth\AppData\Local\Akamai\netsession_win.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-06] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3873648 2010-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-09-18] (Dell Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [QuickFinder Scheduler] => c:\Program Files\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE [136600 2010-03-11] (Corel Corporation)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-15] (Kaspersky Lab ZAO)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-3619502975-363000331-2560232528-1000\...\Run: [Akamai NetSession Interface] => C:\Users\youth\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3619502975-363000331-2560232528-1000\...\MountPoints2: D - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3619502975-363000331-2560232528-1000\...\MountPoints2: {04730691-1e15-11e3-8602-f04da29296b5} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3619502975-363000331-2560232528-1000\...\MountPoints2: {04f2721b-ed7e-11e2-a448-f04da29296b5} - D:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-3619502975-363000331-2560232528-1000\...\MountPoints2: {403ca24a-7e90-11e3-b80f-f04da29296b5} - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3619502975-363000331-2560232528-1000\...\MountPoints2: {d42b1ffd-e63d-11e0-9820-f04da29296b5} - F:\setup.exe -a
HKU\S-1-5-21-3619502975-363000331-2560232528-1000\...\MountPoints2: {f86e359d-c5d5-11e0-aca1-f04da29296b5} - E:\TL-Bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-12-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-01-16]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\youth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop weather.lnk [2010-10-27]
ShortcutTarget: desktop weather.lnk -> C:\Program Files\desktop weather\desktopweather_2456554.exe (My Weather)
Startup: C:\Users\youth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-10-07]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2015-01-09] (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3619502975-363000331-2560232528-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3619502975-363000331-2560232528-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {74CDA376-141C-4F67-BF78-DA975E80060B} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376
SearchScopes: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?c...pn_sauid=7BAD692D-4531-48D4-8148-EC3F7F7CB094
SearchScopes: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> {36D9B682-5384-4EE5-A74C-F8EA40FE0C7F} URL = http://www.mysearchresults.com/search?&c=2641&t=03&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> {4C6B7B63-B86D-4D2C-B0DC-122A75C0899A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> {4CA07D0E-AFFF-4231-AE51-62BF09AD55AC} URL = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20121041,17841,0,18,0
SearchScopes: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> {6819D6AA-2614-4228-BBA4-84182B7A981D} URL = http://search.avg.com/route/?d=4cb3...e&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> {74CDA376-141C-4F67-BF78-DA975E80060B} URL =
SearchScopes: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid=...2056f47c9bf&lang=en&ds=AVG&pr=pr&d=2012-07-29 21:38:38&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376
SearchScopes: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80677&lng=en
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: GetDislike.BHO -> {2c28e48b-1d93-3aa7-8b5f-82576c04a7bb} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2015-01-09] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-09] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2015-01-09] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2015-01-09] (Kaspersky Lab ZAO)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
Toolbar: HKU\S-1-5-21-3619502975-363000331-2560232528-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-07-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\youth\AppData\Roaming\Mozilla\Firefox\Profiles\wygetq8q.default
FF DefaultSearchEngine: Yahoo US
FF SelectedSearchEngine: Yahoo US
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-14] ()
FF Plugin: @funwebproducts.com/Plugin -> C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-18] (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\youth\AppData\Roaming\Mozilla\Firefox\Profiles\wygetq8q.default\user.js [2014-11-30]
FF SearchPlugin: C:\Users\youth\AppData\Roaming\Mozilla\Firefox\Profiles\wygetq8q.default\searchplugins\inbox-search.xml [2012-04-30]
FF SearchPlugin: C:\Users\youth\AppData\Roaming\Mozilla\Firefox\Profiles\wygetq8q.default\searchplugins\mywebsearch.xml [2011-05-30]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-09-03]
FF Extension: Plus-HD-1.2 C - C:\Users\youth\AppData\Roaming\Mozilla\Firefox\Profiles\wygetq8q.default\Extensions\dad2ada441be422fac3577@d1e84d4570e6419885b2032.com [2015-03-03]
FF Extension: Default Manager - C:\Users\youth\AppData\Roaming\Mozilla\Firefox\Profiles\wygetq8q.default\Extensions\DefaultManager@Microsoft [2013-08-19]
FF Extension: WordExtra - C:\Users\youth\AppData\Roaming\Mozilla\Firefox\Profiles\wygetq8q.default\Extensions\korey@markus.me [2013-12-23]
FF Extension: Search Tool - C:\Users\youth\AppData\Roaming\Mozilla\Firefox\Profiles\wygetq8q.default\Extensions\{de1be284-67f6-4b2b-90e0-b38fb4af2ae1}.xpi [2015-01-29]
FF Extension: Mozilla Framework Assistant - C:\Users\youth\AppData\Roaming\Mozilla\Firefox\Profiles\wygetq8q.default\Extensions\{e98387f8-e232-4874-9e07-be2d46eddcd5}.xpi [2013-02-22]
FF Extension: GetDislike.com - C:\Program Files\Mozilla Firefox\extensions\{6c4b3bf5-26fe-4373-8571-4e39446b7fd0} [2011-07-19]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-20]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-16]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-04-27]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-04-27]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-04-27]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-04-27]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-04-27]
FF HKU\S-1-5-21-3619502975-363000331-2560232528-1000\...\Firefox\Extensions: [{6c4b3bf5-26fe-4373-8571-4e39446b7fd0}] - C:\Program Files\getdislike\getdislike
FF HKU\S-1-5-21-3619502975-363000331-2560232528-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2011-07-14]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Online Storage plug-in) - C:\Users\youth\AppData\Roaming\Mozilla\plugins\npoff.dll No File
CHR Plugin: (Workspace Webmail plug-in 1.0.21.46) - C:\Users\youth\AppData\Roaming\Mozilla\plugins\npwbe.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Profile: C:\Users\youth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky URL Advisor) - C:\Users\youth\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-03-06]
CHR Extension: (Safe Money) - C:\Users\youth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-05-08]
CHR Extension: (Content Blocker) - C:\Users\youth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2015-03-03]
CHR Extension: (Virtual Keyboard) - C:\Users\youth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-03-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\youth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]
CHR Extension: (Google Wallet) - C:\Users\youth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-26]
CHR Extension: (Anti-Banner) - C:\Users\youth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-03-06]
CHR HKLM\...\Chrome\Extension: [bkleoojholhbbbpfmfaefpohnhhhjeap] - C:\Program Files\getdislike\chrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2012-12-28]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2012-12-28]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2012-12-28]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2012-12-28]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\12.2.5.32\avg.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2012-12-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-15] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-29] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-09-18] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (ST Microelectronics)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-09-18] (Broadcom Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2015-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597568 2015-01-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2015-01-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-15] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-15] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-07-15] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145224 2015-02-17] (Kaspersky Lab ZAO)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2015-01-09] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 20:24 - 2015-04-23 20:25 - 00036013 _____ () C:\Users\youth\Desktop\Addition.txt
2015-04-23 20:23 - 2015-04-23 20:26 - 00029689 _____ () C:\Users\youth\Desktop\FRST.txt
2015-04-23 20:22 - 2015-04-23 20:26 - 00000000 ____D () C:\FRST
2015-04-23 20:22 - 2015-04-23 20:22 - 01139200 _____ (Farbar) C:\Users\youth\Desktop\FRST.exe
2015-04-14 14:50 - 2015-03-22 22:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 14:50 - 2015-03-22 22:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 14:50 - 2015-03-22 22:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 14:50 - 2015-03-22 22:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 14:50 - 2015-03-22 22:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 14:50 - 2015-03-22 22:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 14:50 - 2015-03-22 22:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 14:50 - 2015-03-22 21:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 14:50 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-14 14:50 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 14:50 - 2015-03-17 00:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 14:50 - 2015-03-17 00:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 14:50 - 2015-03-16 23:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 14:50 - 2015-03-16 23:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 14:50 - 2015-03-16 23:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 14:50 - 2015-03-16 23:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 14:50 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 14:50 - 2015-03-16 23:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 14:50 - 2015-03-16 23:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 14:50 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 14:50 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 14:50 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 14:50 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 14:50 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 14:50 - 2015-03-03 23:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 14:50 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 14:49 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 14:49 - 2015-03-24 22:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 14:49 - 2015-03-24 22:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 14:49 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 14:49 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 14:49 - 2015-03-24 22:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 14:49 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 14:49 - 2015-03-24 22:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 14:49 - 2015-03-24 22:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 14:49 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 14:49 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 14:49 - 2015-03-24 22:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 14:49 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 14:49 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 14:49 - 2015-03-12 22:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 14:49 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 14:49 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 14:49 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 14:49 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 14:49 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 14:49 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 14:49 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 14:49 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 14:49 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 14:49 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 14:49 - 2015-03-12 22:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 14:49 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 14:49 - 2015-03-12 22:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 14:49 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 14:49 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 14:49 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 14:49 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 14:49 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 14:49 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 14:49 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 14:49 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 14:49 - 2015-03-12 21:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 14:49 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 14:49 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 14:49 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 14:49 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 14:49 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 14:49 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 14:49 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 14:49 - 2015-03-04 23:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 14:49 - 2015-02-24 22:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-12 20:26 - 2015-04-12 20:42 - 00000343 _____ () C:\Users\youth\Desktop\E-S 12U Roster format.csv
2015-04-09 12:08 - 2015-04-12 20:26 - 00017640 _____ () C:\Users\youth\Desktop\E-S 12U Roster format.xlsx
2015-04-07 11:13 - 2015-04-07 11:14 - 00019055 _____ () C:\Users\youth\Desktop\E-S Majors Roster for CVBL.xlsx
2015-04-04 19:16 - 2015-04-04 19:16 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 20:25 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\tracing
2015-04-23 20:20 - 2012-08-28 09:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 20:12 - 2013-02-23 16:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-23 19:53 - 2013-01-16 17:55 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-04-23 19:53 - 2010-10-13 14:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 15:51 - 2009-07-13 23:55 - 01908220 _____ () C:\Windows\WindowsUpdate.log
2015-04-23 14:10 - 2010-10-13 22:55 - 00000000 ____D () C:\Users\youth\Documents\ESYA Baseball_Softball
2015-04-23 12:43 - 2010-10-13 14:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 09:29 - 2009-07-13 23:34 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 09:29 - 2009-07-13 23:34 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 09:27 - 2010-09-18 18:25 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-23 09:20 - 2011-09-27 13:25 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-23 09:20 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 09:20 - 2009-07-13 23:39 - 00081139 _____ () C:\Windows\setupact.log
2015-04-22 20:13 - 2010-12-31 23:12 - 00000000 ____D () C:\Users\youth\AppData\Local\CutePDF Writer
2015-04-22 13:02 - 2010-10-13 22:55 - 00000000 ____D () C:\Users\youth\Documents\ESYA Football
2015-04-15 13:30 - 2010-10-13 22:55 - 00000000 ____D () C:\Users\youth\Documents\ESYA Administration
2015-04-15 13:25 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2015-04-15 13:23 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 12:23 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 10:22 - 2014-12-11 09:03 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 10:22 - 2014-07-08 22:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 01:09 - 2013-07-26 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 01:01 - 2010-10-12 18:02 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 01:00 - 2010-10-11 15:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 23:53 - 2013-01-16 17:57 - 00000000 ____D () C:\Users\youth\Documents\My Scans
2015-04-14 22:37 - 2012-04-02 18:01 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-14 22:37 - 2011-08-23 09:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-09 14:47 - 2010-10-13 22:55 - 00000000 ____D () C:\Users\youth\Documents\ESYA Soccer
2015-04-07 23:59 - 2014-05-13 08:33 - 00473600 ___SH () C:\Users\youth\Desktop\Thumbs.db
2015-03-28 19:52 - 2012-10-11 20:42 - 00000000 ____D () C:\Program Files\Yahoo!
2015-03-28 19:52 - 2010-10-13 14:07 - 00000000 ____D () C:\Program Files\Google
2015-03-28 19:52 - 2010-09-18 20:16 - 00249240 _____ () C:\Windows\PFRO.log
2015-03-28 11:14 - 2010-10-13 14:08 - 00000000 ____D () C:\Users\youth\AppData\Local\Google
2015-03-28 11:14 - 2010-10-13 14:07 - 00000000 ____D () C:\ProgramData\Google
2015-03-28 11:09 - 2010-09-18 18:34 - 00000000 ____D () C:\Program Files\Creative
2015-03-28 11:09 - 2010-09-18 18:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-28 10:44 - 2013-01-16 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-28 10:44 - 2013-01-16 17:37 - 00000000 ____D () C:\Program Files\HP
2015-03-28 10:44 - 2013-01-16 17:35 - 00002729 _____ () C:\ProgramData\hpzinstall.log
2015-03-28 10:43 - 2013-07-30 20:17 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2010-11-18 18:02 - 2010-11-18 18:02 - 0038440 _____ () C:\Users\youth\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-01-17 16:08 - 2012-01-17 16:33 - 0005934 _____ () C:\Users\youth\AppData\Roaming\d9bb06c8
2014-04-30 23:14 - 2014-11-12 02:33 - 0000099 _____ () C:\Users\youth\AppData\Roaming\WB.CFG
2012-01-17 16:08 - 2012-01-17 16:33 - 0005986 _____ () C:\Users\youth\AppData\Local\c04aab88
2011-01-06 23:01 - 2014-04-13 20:26 - 0018944 _____ () C:\Users\youth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-22 01:01 - 2013-02-22 01:25 - 0006527 _____ () C:\Users\youth\AppData\Local\e98387f8-e232-4874-9e07-be2d46eddcd5.crx
2011-07-19 22:37 - 2011-07-19 22:37 - 0004096 ____H () C:\Users\youth\AppData\Local\keyfile3.drm
2010-11-11 15:14 - 2013-02-09 11:16 - 0007593 _____ () C:\Users\youth\AppData\Local\Resmon.ResmonCfg
2013-02-23 16:49 - 2013-02-23 16:49 - 0017408 _____ () C:\Users\youth\AppData\Local\WebpageIcons.db
2012-01-22 21:30 - 2012-01-22 21:30 - 0000000 _____ () C:\Users\youth\AppData\Local\{1C8E8ABE-A1C0-4DFF-B0F6-E37AF4610134}
2010-10-13 17:42 - 2014-02-07 09:47 - 0000168 __RSH () C:\ProgramData\522410D066.sys
2012-01-17 16:08 - 2012-01-17 16:33 - 0005943 _____ () C:\ProgramData\70450d60
2013-01-16 17:35 - 2015-03-28 10:44 - 0002729 _____ () C:\ProgramData\hpzinstall.log
2010-10-13 17:42 - 2014-02-07 09:47 - 0003766 ___SH () C:\ProgramData\KGyGaAvL.sys

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3619502975-363000331-2560232528-1000\$1a605c4fea5404b64f56f2133257c1f6

Files to move or delete:
====================
C:\Users\youth\jagex_cl_runescape_LIVE.dat
C:\Users\youth\jagex_runescape_preferences.dat
C:\Users\youth\jagex_runescape_preferences2.dat
C:\Users\youth\msvcr71.dll
C:\Users\youth\setup_aascommoncontrols.exe


Some content of TEMP:
====================
C:\Users\youth\AppData\Local\Temp\APNSetup.exe
C:\Users\youth\AppData\Local\Temp\avguidx.dll
C:\Users\youth\AppData\Local\Temp\BackupSetup.exe
C:\Users\youth\AppData\Local\Temp\CommonInstaller.exe
C:\Users\youth\AppData\Local\Temp\install_flashplayer17x32axau_gtbd_chrd_dn_aaa_aih.exe
C:\Users\youth\AppData\Local\Temp\jna3335300963533812730.dll
C:\Users\youth\AppData\Local\Temp\jna5601508395992441490.dll
C:\Users\youth\AppData\Local\Temp\lowproc.exe
C:\Users\youth\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\youth\AppData\Local\Temp\nsc108D.exe
C:\Users\youth\AppData\Local\Temp\nscCD50.exe
C:\Users\youth\AppData\Local\Temp\nscD2B2.exe
C:\Users\youth\AppData\Local\Temp\nse8914.exe
C:\Users\youth\AppData\Local\Temp\nseD76F.exe
C:\Users\youth\AppData\Local\Temp\nsjC017.exe
C:\Users\youth\AppData\Local\Temp\nsjEF05.exe
C:\Users\youth\AppData\Local\Temp\nsk6FE9.exe
C:\Users\youth\AppData\Local\Temp\nspA4C0.exe
C:\Users\youth\AppData\Local\Temp\nsr345D.exe
C:\Users\youth\AppData\Local\Temp\nsr878C.exe
C:\Users\youth\AppData\Local\Temp\nsrC567.exe
C:\Users\youth\AppData\Local\Temp\nsx8666.exe
C:\Users\youth\AppData\Local\Temp\oi_{85F4DEDE-8CD0-4B4C-9B34-4DB20199BA57}.exe
C:\Users\youth\AppData\Local\Temp\RDVAlert.exe
C:\Users\youth\AppData\Local\Temp\SCC.dll
C:\Users\youth\AppData\Local\Temp\stubhelper.dll
C:\Users\youth\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\youth\AppData\Local\Temp\uninst1.exe
C:\Users\youth\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\youth\AppData\Local\Temp\{8300BA8A-5080-44DC-984B-743CBE2FC1F1}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 07:41

==================== End Of Log ============================

 

[Chris Toft]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-04-2015 02
Ran by youth at 2015-04-23 20:26:40
Running from C:\Users\youth\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3619502975-363000331-2560232528-500 - Administrator - Disabled)
Guest (S-1-5-21-3619502975-363000331-2560232528-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3619502975-363000331-2560232528-1002 - Limited - Enabled)
youth (S-1-5-21-3619502975-363000331-2560232528-1000 - Administrator - Enabled) => C:\Users\youth

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Accelerometer (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.33 - STMicroelectronics)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.4.13090 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Akamai NetSession Interface (HKU\S-1-5-21-3619502975-363000331-2560232528-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
All American SportsWare Common Controls Pack (HKLM\...\{B83662DE-E5D1-417A-9F0A-222E88FF7F49}) (Version: 1.01.0002 - All American SportsWare)
Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{D03482C5-9AD8-496D-B388-692AE04C93AF}) (Version: 3.0.0.2 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4600 (Version: 130.0.425.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel WordPerfect Office - iFilter (HKLM\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.00.000 - Corel Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
desktop weather (HKLM\...\desktop weather) (Version: - )
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
FrostWire 4.21.3 (HKLM\...\FrostWire) (Version: 4.21.3.0 - FrostWire Team)
GameTime Scheduler (HKLM\...\{D4C1711E-F80F-4E01-995E-609EA11890EB}) (Version: 10.01.7 - All American SportsWare)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.10712 - HP)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{44C81D1A-0520-49BB-B510-98B8DD414EA1}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2141 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
inTuneMP3 (HKLM\...\{508BFA95-545E-42A2-8C9D-E531C53C9B79}) (Version: 1.5.0 - W3i Holdings)
iTunes (HKLM\...\{C73CA646-73B3-4AEF-A136-C37505745174}) (Version: 10.4.0.80 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky PURE 3.0 (HKLM\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (Version: 13.0.2.558 - Kaspersky Lab) Hidden
League Administration Software (HKLM\...\{9E731F5F-E586-42F0-AEB7-03420BD5530D}) (Version: 10.29.0 - All American SportsWare)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
PS_AIO_05_C4600_Software_Min (Version: 130.0.425.000 - Hewlett-Packard) Hidden
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 1.3.3 - Dell Inc.)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Safari (HKLM\...\{735619D4-B42A-437A-958C-199BFCAEDB38}) (Version: 5.34.50.0 - Apple Inc.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
The Weather Channel Desktop 6 (HKLM\...\The Weather Channel Desktop 6) (Version: - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.900 - Broadcom Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E0}) (Version: 18.0.11023 - WinZip Computing, S.L. )
WordPerfect Lightning - IPM (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (Version: 2.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Common (Version: 15.0 - Corel Corporation) Hidden
Wordperfect Office X5 - EN (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Filters (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Graphics (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - IPM (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - LegalTools (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Migration Manager (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Oxford (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - PerfectExperts EN (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - PR (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - QP (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Setup Files (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Sharepoint (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Skins (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - System EN (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Templates (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - WP (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - WT (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 (HKLM\...\_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}) (Version: 15.0.0.357 - Corel Corporation)
WordPerfect Office X5 (Version: 15.0 - Corel Corporation) Hidden
Yontoo Layers 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - Theme Your World LLC) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

31-03-2015 10:39:59 Windows Update
04-04-2015 19:15:38 Windows Update
10-04-2015 12:04:08 Windows Update
14-04-2015 07:38:20 Windows Update
15-04-2015 00:54:47 Windows Update
21-04-2015 12:06:09 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {015CE989-24B8-4FD7-84F5-3B113CEADF0C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3619502975-363000331-2560232528-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {07CB52C8-690E-4D1D-87C9-38A3376B500F} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-01-16] ()
Task: {113EDE5E-BE3F-41B7-ACB3-318890B644E9} - System32\Tasks\Microsoft\Office Genuine Advantage\OGALogon => C:\Windows\system32\OGAExec.exe
Task: {1AC82E61-AE01-47AE-B144-4A7E40DD60F4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3619502975-363000331-2560232528-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2076E99C-29E1-40A3-8EEC-569E922224C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {26D2B661-1668-4AF9-8316-FEE4614FB91E} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {2AF2E087-8B3C-48C0-B023-197CC99D22A3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3619502975-363000331-2560232528-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2B874152-01BB-4577-8D20-725FF40C791A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3619502975-363000331-2560232528-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {3904C8C0-27C6-4D3C-8842-C8C4E2016C2F} - System32\Tasks\{74C0A507-A188-42FB-BB5A-BD43D0708961} => pcalua.exe -a "C:\Users\youth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5V1T0GF\dwinst2456554[1].exe" -d C:\Users\youth\Desktop
Task: {3C27C69D-1202-41F1-82FC-42CC22E24D85} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3619502975-363000331-2560232528-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {41D8BA66-6497-4EB4-842F-93CBD0A2584C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {41F99ACF-6B28-49DC-B8D6-07E37F9A716C} - System32\Tasks\4750 => Wscript.exe C:\Users\youth\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {4A28D2A4-B509-4B77-8653-09C2C679800F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {524B6D63-110A-4BF0-BEE2-BFA58893D7AA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3619502975-363000331-2560232528-1006 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {59BF748A-65AC-4563-A793-3D9C2DA1517E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3619502975-363000331-2560232528-1005 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {6E36571E-7313-4194-92F7-9FD45895A177} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3619502975-363000331-2560232528-1005 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {7898F0CD-4645-4872-8A5F-A3E1BE7EDB7B} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {791935CD-24F0-4800-A565-50DB4A31E1A5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3619502975-363000331-2560232528-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {7ECD13FB-F582-49CA-A5EC-156409B5C26E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3619502975-363000331-2560232528-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {817BE47A-6F97-4FA5-81BC-CA623D79844A} - System32\Tasks\{EA5E9EB1-7829-4FC6-BAB9-FE87DB8E2961} => pcalua.exe -a C:\AAS\LasWin\LasWin.EXE -d C:\AAS\LasWin\
Task: {83654AD6-9342-4A00-B970-E59AB59ABAEA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3619502975-363000331-2560232528-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {8E2F7DE0-BC4F-488A-879F-E17408A49018} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {925AFCAA-1EA2-45F4-9277-C0C33A06C27B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {A58E319B-9074-423C-9F46-590C66E84C7F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AAE11E18-BEC5-4D5D-9FC9-71787191B90D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3619502975-363000331-2560232528-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {AFA652A8-04FC-4EC7-B888-1F0498F92D31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {BD4B3787-B6E8-469F-B079-45C07F7CE317} - System32\Tasks\{02D5FF1A-FF58-4C45-86AB-209C3AC418FD} => pcalua.exe -a "C:\Remote Programs\Roads of Rome\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=706250;name=Roads of Rome;dir=C:\Remote Programs\Roads of Rome\;prvid=143;cmdid=1;prvdir=Default
Task: {BFC6F231-2175-489B-948C-20A2E48ACB1A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3619502975-363000331-2560232528-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {D602746F-1CDF-4E5F-895E-A5306FADC70F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E38F7448-28D5-4F58-80E1-AC8986F0F025} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EE62C293-3ED8-4E46-815B-77A8A2AAF2E1} - System32\Tasks\Real Player online update program => c:\program files\real\realplayer\Update\realsched.exe
Task: {F0CB3E8F-90A3-4116-8178-23F6AAF9E866} - System32\Tasks\{4F61C619-526E-452B-9699-9F9C4FA818F2} => pcalua.exe -a "C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe"
Task: {F478846A-6C43-4B0B-8232-0CC794504C48} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3619502975-363000331-2560232528-1006 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F6EF61AD-4957-43F3-ADE3-EB08432F1884} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3619502975-363000331-2560232528-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) ==============

2010-12-31 23:07 - 2012-10-04 20:50 - 00088688 _____ () C:\Windows\System32\cpwmon2k.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2010-09-18 18:23 - 2009-11-29 22:41 - 00060928 _____ () C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
2010-10-27 09:02 - 2010-10-27 09:02 - 00069632 _____ () C:\Program Files\desktop weather\BugEx.dll
2010-09-18 18:23 - 2009-07-22 07:52 - 02384896 _____ () C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3619502975-363000331-2560232528-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 208.67.222.222

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2015 05:37:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/23/2015 05:37:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/22/2015 10:36:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/22/2015 10:36:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (04/22/2015 09:00:06 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/21/2015 09:00:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/21/2015 06:21:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 12.0.6718.5000, time stamp: 0x54e45be7
Faulting module name: EXCEL.EXE, version: 12.0.6718.5000, time stamp: 0x54e45be7
Exception code: 0xc0000005
Fault offset: 0x00013216
Faulting process id: 0x1264
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (04/21/2015 06:21:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 12.0.6718.5000, time stamp: 0x54e45be7
Faulting module name: EXCEL.EXE, version: 12.0.6718.5000, time stamp: 0x54e45be7
Exception code: 0xc0000005
Fault offset: 0x00013216
Faulting process id: 0x1264
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (04/21/2015 06:13:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b3c6
Exception code: 0xc0000005
Fault offset: 0x00052ca7
Faulting process id: 0xb88
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/21/2015 05:31:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)


System errors:
=============
Error: (04/23/2015 09:20:58 AM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.

Error: (04/22/2015 06:02:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (04/21/2015 01:41:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:39:21 PM on ‎4/‎21/‎2015 was unexpected.

Error: (04/12/2015 08:34:42 PM) (Source: DCOM) (EventID: 10016) (User: youth-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}youth-PCyouthS-1-5-21-3619502975-363000331-2560232528-1000LocalHost (Using LRPC)

Error: (04/12/2015 08:34:42 PM) (Source: DCOM) (EventID: 10016) (User: youth-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}youth-PCyouthS-1-5-21-3619502975-363000331-2560232528-1000LocalHost (Using LRPC)

Error: (04/12/2015 08:27:19 PM) (Source: DCOM) (EventID: 10016) (User: youth-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}youth-PCyouthS-1-5-21-3619502975-363000331-2560232528-1000LocalHost (Using LRPC)

Error: (04/12/2015 08:27:19 PM) (Source: DCOM) (EventID: 10016) (User: youth-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}youth-PCyouthS-1-5-21-3619502975-363000331-2560232528-1000LocalHost (Using LRPC)

Error: (04/12/2015 08:19:50 PM) (Source: DCOM) (EventID: 10016) (User: youth-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}youth-PCyouthS-1-5-21-3619502975-363000331-2560232528-1000LocalHost (Using LRPC)

Error: (04/12/2015 08:19:50 PM) (Source: DCOM) (EventID: 10016) (User: youth-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}youth-PCyouthS-1-5-21-3619502975-363000331-2560232528-1000LocalHost (Using LRPC)

Error: (04/12/2015 01:25:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (04/21/2015 06:21:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16240 seconds with 840 seconds of active time. This session ended with a crash.

Error: (04/21/2015 00:26:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28944 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/21/2015 04:24:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 64146 seconds with 2400 seconds of active time. This session ended with a crash.

Error: (04/18/2015 03:38:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 445 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/13/2015 00:57:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 103418 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (04/02/2015 10:55:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 43306 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/31/2015 02:17:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12166 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/30/2015 04:32:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9289 seconds with 420 seconds of active time. This session ended with a crash.

Error: (03/26/2015 11:42:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 167636 seconds with 2700 seconds of active time. This session ended with a crash.

Error: (03/18/2015 00:00:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45658 seconds with 420 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-03-10 11:31:19.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 11:31:19.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 11:31:19.677
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 11:31:06.011
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 11:31:06.011
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 11:31:05.995
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 14:59:25.979
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 14:59:25.963
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 14:59:25.963
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 14:59:20.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 63%
Total physical RAM: 1910.68 MB
Available physical RAM: 699.5 MB
Total Pagefile: 3821.37 MB
Available Pagefile: 1913.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:143.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 63768F22)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Do NOT create multiple topics for the same computer.
This time I merged both topics.

Uninstall Yontoo Layers.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.