
Thread: Malware I think

  1. #1
    Member

    Malware I think

    Hello Again,
    I need help removing what I think is malware on my system. I get constant messages from Avast popping up. At times when I shut down my system I get full-screen random ads appearing as it shuts down. At times my system will start to slow down and sometimes Firefox will close or not open. I will include the items you request as well as some JPEGs showing the Avast messages. Thanks in advance,
    Mark

    Post edited to remove email address to prevent spammers from harvesting
    Last edited by DonnaB; 11-13-2015 at 05:41 PM.

  2. #2
    Member Spyware Fighter zep516's Avatar

    Hi! My name is zep516, and welcome to Help2go!
    I'll do the best I can to resolve your computer issue.
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions!

    Everything gets downloaded to the desktop, and tools are "Run as administrator."

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Last edited by zep516; 11-13-2015 at 05:43 PM.

  3. #3
    Member

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
    Ran by mark (administrator) on MARK-PC (13-11-2015 18:34:17)
    Running from C:\Users\mark\Desktop
    Loaded Profiles: mark (Available Profiles: mark & UpdatusUser)
    Platform: Microsoft Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-10] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-11-10] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{6ECFF025-36B4-4055-927E-AFBC34AB9007}: [DhcpNameServer] 209.18.47.61 209.18.47.62

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> {A165A02C-A78C-4E05-A826-E25CBDCE0988} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-10] (AVAST Software)
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\qp4cydfl.default-1439305111912
    FF DefaultSearchEngine.US: Search Provided by Bing
    FF Homepage: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-06-13] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-06-13] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2578409918-2136055275-2787630165-1000: @citrixonline.com/appdetectorplugin -> C:\Users\mark\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-07] (Citrix Online)
    FF SearchPlugin: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\qp4cydfl.default-1439305111912\searchplugins\youtube-video-search.xml [2015-09-29]
    FF Extension: Ant Video Downloader - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\qp4cydfl.default-1439305111912\Extensions\anttoolbar@ant.com [2015-08-11]
    FF Extension: Video DownloadHelper - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\qp4cydfl.default-1439305111912\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-29]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => not found
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-10]
    FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-13] [not signed]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

    Chrome:
    =======
    CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-14]
    CHR Extension: (Google Drive) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-14]
    CHR Extension: (YouTube) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-14]
    CHR Extension: (Google Search) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-14]
    CHR Extension: (RealDownloader) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-14]
    CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
    CHR Extension: (Gmail) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-14]
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-05]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-10]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-10] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4390776 2015-11-10] (Avast Software)
    S4 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-10-12] (Creative Labs) [File not signed]
    S4 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-10-19] (Creative Labs) [File not signed]
    S4 dlbu_device; C:\Windows\system32\dlbucoms.exe [538096 2007-02-28] ( )
    S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4604208 2013-01-17] (Native Instruments GmbH)
    R2 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [17191840 2014-01-16] (PACE Anti-Piracy, Inc.)
    S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-11-10] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-11-10] (AVAST Software)
    R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-11-10] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-11-10] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-10] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-10] (AVAST Software)
    R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [167152 2015-11-10] (AVAST Software)
    S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-11-10] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-11-10] (AVAST Software)
    S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [121368 2015-11-10] (AVAST Software)
    R3 P17; C:\Windows\System32\drivers\P17.sys [1148416 2009-08-03] (Creative Technology Ltd.)
    S3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio.sys [195448 2012-05-24] ()
    S3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp.sys [60280 2012-05-24] ()
    S3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks.sys [42872 2012-05-24] ()
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [94416 2013-04-11] (PACE Anti-Piracy, Inc.)
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [252152 2015-11-10] (Avast Software)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\mark\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 yeddef; System32\Drivers\yeddef.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-13 18:34 - 2015-11-13 18:35 - 00014954 _____ C:\Users\mark\Desktop\FRST.txt
    2015-11-13 18:34 - 2015-11-13 18:34 - 00000000 ____D C:\FRST
    2015-11-13 18:31 - 2015-11-13 18:31 - 01702400 _____ (Farbar) C:\Users\mark\Desktop\FRST.exe
    2015-11-13 05:34 - 2015-11-13 05:49 - 00000000 ____D C:\snapshots
    2015-11-12 08:08 - 2015-11-12 08:08 - 00001760 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-11-12 08:08 - 2015-11-12 08:08 - 00000000 ____D C:\Users\mark\AppData\Roaming\SUPERAntiSpyware.com
    2015-11-12 08:07 - 2015-11-12 08:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-11-12 08:07 - 2015-11-12 08:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-11-12 08:07 - 2015-11-12 08:07 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-11-12 07:58 - 2015-11-12 07:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\mark\Documents\HijackThis.exe
    2015-11-12 07:56 - 2015-11-12 07:57 - 23930968 _____ (SUPERAntiSpyware) C:\Users\mark\Desktop\SUPERAntiSpyware.exe
    2015-11-11 09:44 - 2015-11-12 22:41 - 00000000 ____D C:\Users\mark\Desktop\Virus pics
    2015-11-11 05:25 - 2015-11-11 05:25 - 00000680 _____ C:\Users\mark\AppData\Local\d3d9caps.dat
    2015-11-10 21:12 - 2015-11-13 18:29 - 00060799 _____ C:\Windows\WindowsUpdate.log
    2015-11-10 20:20 - 2015-11-11 05:25 - 00000680 _____ C:\Users\mark\AppData\Local\d3d9caps.tmp
    2015-11-10 17:02 - 2015-11-10 17:02 - 00011820 _____ C:\ComboFix.txt
    2015-11-10 10:50 - 2015-11-10 10:50 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-11-10 10:50 - 2015-11-10 10:50 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-11-10 09:02 - 2015-11-10 09:03 - 00000000 ___HD C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
    2015-11-10 09:02 - 2015-11-10 09:03 - 00000000 ____D C:\Users\mark\AppData\Local\EukuWmow
    2015-11-09 12:14 - 2015-11-09 12:15 - 00000000 ____D C:\Users\mark\Desktop\Sound Cloud pics
    2015-11-06 15:46 - 2015-11-06 22:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-11-02 09:17 - 2015-11-02 09:19 - 00000000 ____D C:\Users\mark\Documents\Song Writing
    2015-10-31 21:37 - 2015-10-31 21:41 - 00000000 ____D C:\Users\mark\Desktop\PayPal 2015
    2015-10-28 09:26 - 2015-10-28 09:27 - 00000000 ____D C:\Users\mark\Desktop\World Maps

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-13 18:26 - 2006-11-02 06:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-11-13 18:26 - 2006-11-02 06:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-11-13 18:25 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-11-13 15:38 - 2006-11-02 07:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-11-13 05:34 - 2015-04-19 07:18 - 00000000 ____D C:\Windows\system32\vbox
    2015-11-12 22:12 - 2014-05-19 08:55 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-11-12 08:53 - 2015-07-20 07:52 - 00000000 ____D C:\Users\mark\Desktop\40
    2015-11-11 08:42 - 2012-11-20 11:09 - 00000000 ____D C:\Users\mark\Documents\4 sale
    2015-11-10 17:02 - 2013-01-21 19:01 - 00000000 ____D C:\Qoobox
    2015-11-10 16:57 - 2006-11-02 04:23 - 00000215 _____ C:\Windows\system.ini
    2015-11-10 16:39 - 2015-08-04 06:02 - 05638248 ____R (Swearware) C:\Users\mark\Desktop\ComboFix.exe
    2015-11-10 14:01 - 2014-03-11 08:38 - 00000000 ____D C:\Users\mark\Documents\Music PDF's and stuff
    2015-11-10 10:50 - 2015-07-31 22:28 - 00167152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
    2015-11-10 10:50 - 2014-05-08 07:41 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00435464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2015-11-10 10:49 - 2015-07-31 22:27 - 00121368 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
    2015-11-10 10:49 - 2013-03-06 09:33 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2015-11-10 09:38 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\tracing
    2015-11-07 05:21 - 2015-03-07 08:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2015-11-02 09:18 - 2013-02-01 23:01 - 00000000 ____D C:\Users\mark\Documents\Payments
    2015-10-22 21:07 - 2013-05-14 08:12 - 00000000 ____D C:\Program Files\Google
    2015-10-22 08:14 - 2014-05-19 08:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-10-18 21:08 - 2012-10-19 11:29 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-10-18 21:08 - 2012-10-19 11:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-10-17 08:25 - 2013-02-19 16:48 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
    2015-10-15 21:17 - 2012-10-21 18:24 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-10-15 21:17 - 2012-10-21 18:24 - 00000000 ____D C:\Program Files\Common Files\Adobe

    ==================== Files in the root of some directories =======

    2015-09-13 08:42 - 2015-10-07 12:42 - 0000096 _____ () C:\Users\mark\AppData\Roaming\Camdata.ini
    2015-09-13 08:42 - 2015-10-07 12:42 - 0000408 _____ () C:\Users\mark\AppData\Roaming\CamLayout.ini
    2015-09-13 08:42 - 2015-10-07 12:42 - 0000408 _____ () C:\Users\mark\AppData\Roaming\CamShapes.ini
    2015-09-13 08:42 - 2015-10-07 12:42 - 0004558 _____ () C:\Users\mark\AppData\Roaming\CamStudio.cfg
    2013-05-03 08:14 - 2014-11-30 23:06 - 0000032 _____ () C:\Users\mark\AppData\Roaming\msregsvv.dll
    2014-03-07 23:28 - 2014-03-07 23:34 - 0000013 _____ () C:\Users\mark\AppData\Roaming\pref.ga
    2015-09-13 08:38 - 2015-10-07 12:42 - 0000096 _____ () C:\Users\mark\AppData\Roaming\version2.xml
    2015-11-11 05:25 - 2015-11-11 05:25 - 0000680 _____ () C:\Users\mark\AppData\Local\d3d9caps.dat
    2015-11-10 20:20 - 2015-11-11 05:25 - 0000680 _____ () C:\Users\mark\AppData\Local\d3d9caps.tmp
    2012-10-22 06:36 - 2015-06-28 07:57 - 0105984 _____ () C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-05-03 08:14 - 2014-11-30 23:06 - 0000032 _____ () C:\ProgramData\autobk.inc

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-13 18:31

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
    Ran by mark (2015-11-13 18:36:04)
    Running from C:\Users\mark\Desktop
    Microsoft Windows Vista™ Home Premium Service Pack 2 (X86) (2012-10-19 16:36:37)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2578409918-2136055275-2787630165-500 - Administrator - Disabled)
    Guest (S-1-5-21-2578409918-2136055275-2787630165-501 - Limited - Disabled)
    mark (S-1-5-21-2578409918-2136055275-2787630165-1000 - Administrator - Enabled) => C:\Users\mark
    UpdatusUser (S-1-5-21-2578409918-2136055275-2787630165-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AudioBox version 1.2 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.2 - PreSonus)
    Avast Free Antivirus (HKLM\...\avast) (Version: 11.1.2241 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
    Creative ALchemy (HKLM\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
    Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
    Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
    Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
    DigiTech RP250 Drivers (HKLM\...\DigiTech RP250 Drivers) (Version: 2.0 - DigiTech)
    DigiTech RP250 Drivers (Version: 2.0 - DigiTech) Hidden
    DigiTech X-Edit 2.4.1 (HKLM\...\{02DC3C69-02AF-47C2-9B68-AA2A69631CF8}) (Version: 2.4.1.2 - DigiTech)
    eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    EZdrummer (HKLM\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.3.3 - Toontrack)
    EZmix Lite 32-bit (HKLM\...\{FBEF356F-F310-47E6-8A08-AF95375CCB8B}) (Version: 2.0.7 - Toontrack)
    EZXCocktail (HKLM\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.2.4 - Toontrack)
    Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.3.8.820 - DVDVideoSoft Ltd.)
    Groove Monkee Big Easy Samples (HKLM\...\Groove Monkee Big Easy Samples) (Version: - Groove Monkee)
    Groove Monkee Blues Rock Samples (HKLM\...\Groove Monkee Blues Rock Samples) (Version: - Groove Monkee)
    Groove Monkee Blues Samples (HKLM\...\Groove Monkee Blues Samples) (Version: - Groove Monkee)
    Groove Monkee Breakbeats 1 Samples (HKLM\...\Groove Monkee Breakbeats 1 Samples) (Version: - Groove Monkee)
    Groove Monkee Country 2 Samples (HKLM\...\Groove Monkee Country 2 Samples) (Version: - Groove Monkee)
    Groove Monkee Electronic Samples (HKLM\...\Groove Monkee Electronic Samples) (Version: - Groove Monkee)
    Groove Monkee Funk Samples (HKLM\...\Groove Monkee Funk Samples) (Version: - Groove Monkee)
    Groove Monkee Fusion Samples (HKLM\...\Groove Monkee Fusion Samples) (Version: - Groove Monkee)
    Groove Monkee Hard Rock 1 Samples (HKLM\...\Groove Monkee Hard Rock 1 Samples) (Version: - Groove Monkee)
    Groove Monkee Jazz Samples (HKLM\...\Groove Monkee Jazz Samples) (Version: - Groove Monkee)
    Groove Monkee Metal 2 Samples (HKLM\...\Groove Monkee Metal 2 Samples) (Version: - Groove Monkee)
    Groove Monkee Power Rock Samples (HKLM\...\Groove Monkee Power Rock Samples) (Version: - Groove Monkee)
    Groove Monkee Producer Pack 2 Samples (HKLM\...\Groove Monkee Producer Pack 2 Samples) (Version: - Groove Monkee)
    Groove Monkee Progressive Samples (HKLM\...\Groove Monkee Progressive Samples) (Version: - Groove Monkee)
    Groove Monkee Punk Samples (HKLM\...\Groove Monkee Punk Samples) (Version: - Groove Monkee)
    Groove Monkee RB1 Samples (HKLM\...\Groove Monkee RB1 Samples) (Version: - Groove Monkee)
    Groove Monkee Rock 2 Samples (HKLM\...\Groove Monkee Rock 2 Samples) (Version: - Groove Monkee)
    Groove Monkee Rock 3 Samples (HKLM\...\Groove Monkee Rock 3 Samples) (Version: - Groove Monkee)
    Groove Monkee RockE1 Samples (HKLM\...\Groove Monkee RockE1 Samples) (Version: - Groove Monkee)
    Groove Monkee RockE2 Samples (HKLM\...\Groove Monkee RockE2 Samples) (Version: - Groove Monkee)
    Groove Monkee Twisted Samples (HKLM\...\Groove Monkee Twisted Samples) (Version: - Groove Monkee)
    Groove Monkee World Beats Samples (HKLM\...\Groove Monkee World Beats Samples) (Version: - Groove Monkee)
    IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
    iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
    Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Massey VST Demos (Remove only) (HKLM\...\Massey VST Demos) (Version: - )
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
    Native Instruments Abbey Road 60s Drums Vintage (HKLM\...\Native Instruments Abbey Road 60s Drums Vintage) (Version: - Native Instruments)
    Native Instruments Controller Editor (HKLM\...\Native Instruments Controller Editor) (Version: 1.5.4.1182 - Native Instruments)
    Native Instruments Guitar Rig 4 (HKLM\...\Native Instruments Guitar Rig 4) (Version: - Native Instruments)
    Native Instruments Guitar Rig Mobile I/O (HKLM\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
    Native Instruments Guitar Rig Session I/O (HKLM\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
    Native Instruments Komplete 7 Players (HKLM\...\Native Instruments Komplete 7 Players) (Version: - Native Instruments)
    Native Instruments Komplete Elements (HKLM\...\Native Instruments Komplete Elements) (Version: - Native Instruments)
    Native Instruments Kontakt 4 (HKLM\...\Native Instruments Kontakt 4) (Version: - Native Instruments)
    Native Instruments Kontakt Elements Selection R2 (HKLM\...\Native Instruments Kontakt Elements Selection R2) (Version: - Native Instruments)
    Native Instruments Kontakt Factory Selection (HKLM\...\Native Instruments Kontakt Factory Selection) (Version: - Native Instruments)
    Native Instruments Kore Player (HKLM\...\Native Instruments Kore Player) (Version: - Native Instruments)
    Native Instruments Mikro Prism (HKLM\...\Native Instruments Mikro Prism) (Version: - Native Instruments)
    Native Instruments Reaktor 5 (HKLM\...\Native Instruments Reaktor 5) (Version: - Native Instruments)
    Native Instruments Reaktor Elements Selection (HKLM\...\Native Instruments Reaktor Elements Selection) (Version: - Native Instruments)
    Native Instruments Reaktor Factory Selection (HKLM\...\Native Instruments Reaktor Factory Selection) (Version: - Native Instruments)
    Native Instruments Reaktor Spark R2 (HKLM\...\Native Instruments Reaktor Spark R2) (Version: - Native Instruments)
    Native Instruments Rig Kontrol 3 (HKLM\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
    Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version: - Native Instruments)
    NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
    NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
    PACE License Support Win32 (HKLM\...\InstallShield_{3165EA9B-36CC-499B-96FF-66FC30E10EF8}) (Version: 2.3.1.0494 - PACE Anti-Piracy, Inc.)
    PACE License Support Win32 (Version: 2.3.1.0494 - PACE Anti-Piracy, Inc.) Hidden
    Pedals VST (HKLM\...\Pedals VST) (Version: - )
    PreSonus Studio One 2 (HKLM\...\PreSonus Studio One 2) (Version: 2.6.5.30360 - PreSonus Audio Electronics)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Slice Audio File Splitter (HKLM\...\Slice) (Version: - NCH Software)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
    System Requirements Lab for Intel (HKLM\...\{0941583C-A10F-4FBB-9B1C-9178CE3BFDAF}) (Version: 4.5.23.0 - Husdawg, LLC)
    Toontrack solo (HKLM\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.3.2 - Toontrack)
    TT-Dynamic-Range 1.1 (HKLM\...\TT-Dynamic-Range 1.1) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    23-10-2015 07:17:04 avast! antivirus system restore point
    10-11-2015 16:41:46 ComboFix created restore point

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 04:23 - 2015-08-04 06:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {4C8FD088-B3A4-4131-9106-8B5D2A4A8884} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-10] (AVAST Software)
    Task: {6E33666C-A08E-4EFB-8C2F-C4C763F57488} - System32\Tasks\avastBCLRestartS-1-5-21-2578409918-2136055275-2787630165-1000 => Firefox.exe
    Task: {6EA60806-8B7E-4539-A56B-B2B814A53B6E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2578409918-2136055275-2787630165-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
    Task: {8DEDC8F6-3801-41F4-A2F1-2A02036D0BE8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
    Task: {EEED73F1-569C-4B18-84BD-865EB6DFCB2E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2578409918-2136055275-2787630165-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-19 07:12 - 2015-11-10 10:50 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-04-19 07:12 - 2015-11-10 10:50 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-11-13 14:30 - 2015-11-13 14:30 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111302\algo.dll
    2015-11-10 10:50 - 2015-11-10 10:50 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2015-03-13 13:02 - 2015-11-10 10:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C
    AlternateDataStreams: C:\ProgramData:6C06D612AA2581CA
    AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C
    AlternateDataStreams: C:\Users\All Users:6C06D612AA2581CA
    AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C
    AlternateDataStreams: C:\ProgramData\Application Data:6C06D612AA2581CA

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\tiger_in_snow-1600x900.jpg
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
    MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
    MSCONFIG\Services: CTAudSvcService => 2
    MSCONFIG\Services: dlbu_device => 2
    MSCONFIG\Services: EMDMgmt => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LBTServ => 3
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: NIHardwareService => 2
    MSCONFIG\Services: nvsvc => 2
    MSCONFIG\Services: nvUpdatusService => 2
    MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
    MSCONFIG\Services: Stereo Service => 2
    MSCONFIG\Services: TabletInputService => 2
    MSCONFIG\Services: TapiSrv => 3
    MSCONFIG\Services: wercplsupport => 3
    MSCONFIG\Services: WMPNetworkSvc => 3
    MSCONFIG\Services: WPDBusEnum => 2
    MSCONFIG\Services: wscsvc => 2
    MSCONFIG\startupfolder: C:^Users^mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: DLBUCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
    MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
    MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{2E85EAF1-AE0C-446C-93BE-0A61A5E1FB01}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6D63AFA9-48D1-401F-A408-FA2255985AFF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{FE738EF9-98D9-43CF-8D4F-FBA3D8D992A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{D6001DE4-1D83-4812-A9C7-756EDBF077E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{9E225086-0E22-4098-AD8D-BCC7498F0AB4}] => (Allow) LPort=80
    FirewallRules: [{E1DBAB75-865E-4E25-8F73-FA62D6BF8C93}] => (Allow) LPort=80
    FirewallRules: [{67748C2A-52D3-437E-8E73-AB6DFAFD2EE6}] => (Allow) LPort=80
    FirewallRules: [TCP Query User{4F78EF53-370B-477D-ACED-36D0A5DF605A}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
    FirewallRules: [UDP Query User{7E58BFB3-19EE-4B9E-8597-8C92EA530998}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
    FirewallRules: [{2F5CFC77-2698-4AAE-91A1-94C5105CD56D}] => (Allow) LPort=94
    FirewallRules: [{B359C11B-0138-4ED0-983E-C9D9BCA17082}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{B5091572-F1EA-43D2-88CF-2949BA1CC729}] => (Allow) C:\Windows\System32\dlbucoms.exe
    FirewallRules: [{BBBA1E2A-B3DC-4738-98D2-51DE8F1971D0}] => (Allow) C:\Windows\System32\dlbucoms.exe
    FirewallRules: [TCP Query User{ADB77C9B-8D82-493D-AEF4-61868B85074E}C:\program files\presonus\studio one 2\studio one.exe] => (Allow) C:\program files\presonus\studio one 2\studio one.exe
    FirewallRules: [UDP Query User{F8719520-B34F-4800-A9E0-F0DB5EBB49BC}C:\program files\presonus\studio one 2\studio one.exe] => (Allow) C:\program files\presonus\studio one 2\studio one.exe
    FirewallRules: [{609E4B8F-4F9E-48B6-8F7D-613084C58064}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{0F7CA079-147A-4076-9B1F-AB4CD93D22B8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{51D9DA87-4790-458C-BF65-0D8CAEEBEE20}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{4C87197E-4A1A-4F39-BE06-739EB76CBEB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{989D3A5A-7ECE-461A-9B9F-112928581425}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{8D39BBCE-4BE8-405D-8807-48B3B50060A2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft 6to4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft 6to4 Adapter #2
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/13/2015 06:31:50 PM) (Source: LoadPerf) (EventID: 3002) (User: )

    Error: (11/13/2015 03:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\MARK\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QP4CYDFL.DEFAULT-1439305111912\CACHE2\DOOMED> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (11/13/2015 03:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\MARK\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QP4CYDFL.DEFAULT-1439305111912\CACHE2\DOOMED> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (11/13/2015 03:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\MARK\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QP4CYDFL.DEFAULT-1439305111912\CACHE2\ENTRIES> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (11/13/2015 03:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\MARK\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QP4CYDFL.DEFAULT-1439305111912\CACHE2\ENTRIES> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (11/13/2015 03:08:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\MARK\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\DESKTOP.INI> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (11/13/2015 02:23:08 PM) (Source: LoadPerf) (EventID: 3002) (User: )

    Error: (11/13/2015 11:19:51 AM) (Source: ESENT) (EventID: 447) (User: )
    Description: Windows (2332) Windows: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 16, PgnoRoot: 457) of database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (12342 => 10320, Windows0).

    Error: (11/13/2015 10:57:05 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application SearchProtocolHost.exe, version 7.0.6002.18005, time stamp 0x49e0244d, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc000012d, fault offset 0x00009f5d,
    process id 0x17d4, application start time 0xSearchProtocolHost.exe0.

    Error: (11/13/2015 10:22:47 AM) (Source: LoadPerf) (EventID: 3002) (User: )


    System errors:
    =============
    Error: (11/13/2015 06:36:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058


    CodeIntegrity:
    ===================================
    Date: 2015-11-13 18:34:44.660
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-13 18:34:44.377
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-13 18:34:44.056
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-13 18:34:43.695
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:01.488
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:01.207
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:00.958
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:00.708
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:00.459
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:00.209
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
    Percentage of memory in use: 69%
    Total physical RAM: 3069.21 MB
    Available physical RAM: 947.28 MB
    Total Virtual: 3007.47 MB
    Available Virtual: 499.19 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:179.24 GB) (Free:25.37 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive e: () (Fixed) (Total:43.55 GB) (Free:22.09 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 10000000)
    Partition 1: (Active) - (Size=179.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=43.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  4. #4
    Member
    Join Date
    Jul 2012
    Posts
    32
    Points
    0

    Default

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
    Ran by mark (administrator) on MARK-PC (13-11-2015 18:34:17)
    Running from C:\Users\mark\Desktop
    Loaded Profiles: mark (Available Profiles: mark & UpdatusUser)
    Platform: Microsoft Windows Vista Home Premium Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-10] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-11-10] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{6ECFF025-36B4-4055-927E-AFBC34AB9007}: [DhcpNameServer] 209.18.47.61 209.18.47.62

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> {A165A02C-A78C-4E05-A826-E25CBDCE0988} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-10] (AVAST Software)
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\qp4cydfl.default-1439305111912
    FF DefaultSearchEngine.US: Search Provided by Bing
    FF Homepage: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-06-13] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-06-13] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2578409918-2136055275-2787630165-1000: @citrixonline.com/appdetectorplugin -> C:\Users\mark\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-07] (Citrix Online)
    FF SearchPlugin: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\qp4cydfl.default-1439305111912\searchplugins\youtube-video-search.xml [2015-09-29]
    FF Extension: Ant Video Downloader - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\qp4cydfl.default-1439305111912\Extensions\anttoolbar@ant.com [2015-08-11]
    FF Extension: Video DownloadHelper - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\qp4cydfl.default-1439305111912\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-29]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => not found
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-10]
    FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-13] [not signed]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

    Chrome:
    =======
    CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-14]
    CHR Extension: (Google Drive) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-14]
    CHR Extension: (YouTube) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-14]
    CHR Extension: (Google Search) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-14]
    CHR Extension: (RealDownloader) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-14]
    CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
    CHR Extension: (Gmail) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-14]
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-05]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-10]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-10] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4390776 2015-11-10] (Avast Software)
    S4 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-10-12] (Creative Labs) [File not signed]
    S4 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-10-19] (Creative Labs) [File not signed]
    S4 dlbu_device; C:\Windows\system32\dlbucoms.exe [538096 2007-02-28] ( )
    S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4604208 2013-01-17] (Native Instruments GmbH)
    R2 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [17191840 2014-01-16] (PACE Anti-Piracy, Inc.)
    S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-11-10] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-11-10] (AVAST Software)
    R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-11-10] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-11-10] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-10] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-10] (AVAST Software)
    R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [167152 2015-11-10] (AVAST Software)
    S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-11-10] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-11-10] (AVAST Software)
    S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [121368 2015-11-10] (AVAST Software)
    R3 P17; C:\Windows\System32\drivers\P17.sys [1148416 2009-08-03] (Creative Technology Ltd.)
    S3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio.sys [195448 2012-05-24] ()
    S3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp.sys [60280 2012-05-24] ()
    S3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks.sys [42872 2012-05-24] ()
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [94416 2013-04-11] (PACE Anti-Piracy, Inc.)
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [252152 2015-11-10] (Avast Software)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\mark\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 yeddef; System32\Drivers\yeddef.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-13 18:34 - 2015-11-13 18:35 - 00014954 _____ C:\Users\mark\Desktop\FRST.txt
    2015-11-13 18:34 - 2015-11-13 18:34 - 00000000 ____D C:\FRST
    2015-11-13 18:31 - 2015-11-13 18:31 - 01702400 _____ (Farbar) C:\Users\mark\Desktop\FRST.exe
    2015-11-13 05:34 - 2015-11-13 05:49 - 00000000 ____D C:\snapshots
    2015-11-12 08:08 - 2015-11-12 08:08 - 00001760 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-11-12 08:08 - 2015-11-12 08:08 - 00000000 ____D C:\Users\mark\AppData\Roaming\SUPERAntiSpyware.com
    2015-11-12 08:07 - 2015-11-12 08:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-11-12 08:07 - 2015-11-12 08:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-11-12 08:07 - 2015-11-12 08:07 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-11-12 07:58 - 2015-11-12 07:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\mark\Documents\HijackThis.exe
    2015-11-12 07:56 - 2015-11-12 07:57 - 23930968 _____ (SUPERAntiSpyware) C:\Users\mark\Desktop\SUPERAntiSpyware.exe
    2015-11-11 09:44 - 2015-11-12 22:41 - 00000000 ____D C:\Users\mark\Desktop\Virus pics
    2015-11-11 05:25 - 2015-11-11 05:25 - 00000680 _____ C:\Users\mark\AppData\Local\d3d9caps.dat
    2015-11-10 21:12 - 2015-11-13 18:29 - 00060799 _____ C:\Windows\WindowsUpdate.log
    2015-11-10 20:20 - 2015-11-11 05:25 - 00000680 _____ C:\Users\mark\AppData\Local\d3d9caps.tmp
    2015-11-10 17:02 - 2015-11-10 17:02 - 00011820 _____ C:\ComboFix.txt
    2015-11-10 10:50 - 2015-11-10 10:50 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-11-10 10:50 - 2015-11-10 10:50 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-11-10 09:02 - 2015-11-10 09:03 - 00000000 ___HD C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
    2015-11-10 09:02 - 2015-11-10 09:03 - 00000000 ____D C:\Users\mark\AppData\Local\EukuWmow
    2015-11-09 12:14 - 2015-11-09 12:15 - 00000000 ____D C:\Users\mark\Desktop\Sound Cloud pics
    2015-11-06 15:46 - 2015-11-06 22:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-11-02 09:17 - 2015-11-02 09:19 - 00000000 ____D C:\Users\mark\Documents\Song Writing
    2015-10-31 21:37 - 2015-10-31 21:41 - 00000000 ____D C:\Users\mark\Desktop\PayPal 2015
    2015-10-28 09:26 - 2015-10-28 09:27 - 00000000 ____D C:\Users\mark\Desktop\World Maps

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-13 18:26 - 2006-11-02 06:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-11-13 18:26 - 2006-11-02 06:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-11-13 18:25 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-11-13 15:38 - 2006-11-02 07:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-11-13 05:34 - 2015-04-19 07:18 - 00000000 ____D C:\Windows\system32\vbox
    2015-11-12 22:12 - 2014-05-19 08:55 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-11-12 08:53 - 2015-07-20 07:52 - 00000000 ____D C:\Users\mark\Desktop\40
    2015-11-11 08:42 - 2012-11-20 11:09 - 00000000 ____D C:\Users\mark\Documents\4 sale
    2015-11-10 17:02 - 2013-01-21 19:01 - 00000000 ____D C:\Qoobox
    2015-11-10 16:57 - 2006-11-02 04:23 - 00000215 _____ C:\Windows\system.ini
    2015-11-10 16:39 - 2015-08-04 06:02 - 05638248 ____R (Swearware) C:\Users\mark\Desktop\ComboFix.exe
    2015-11-10 14:01 - 2014-03-11 08:38 - 00000000 ____D C:\Users\mark\Documents\Music PDF's and stuff
    2015-11-10 10:50 - 2015-07-31 22:28 - 00167152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
    2015-11-10 10:50 - 2014-05-08 07:41 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00435464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2015-11-10 10:50 - 2013-03-06 09:33 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2015-11-10 10:49 - 2015-07-31 22:27 - 00121368 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
    2015-11-10 10:49 - 2013-03-06 09:33 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2015-11-10 09:38 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\tracing
    2015-11-07 05:21 - 2015-03-07 08:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2015-11-02 09:18 - 2013-02-01 23:01 - 00000000 ____D C:\Users\mark\Documents\Payments
    2015-10-22 21:07 - 2013-05-14 08:12 - 00000000 ____D C:\Program Files\Google
    2015-10-22 08:14 - 2014-05-19 08:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-10-18 21:08 - 2012-10-19 11:29 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-10-18 21:08 - 2012-10-19 11:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-10-17 08:25 - 2013-02-19 16:48 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
    2015-10-15 21:17 - 2012-10-21 18:24 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-10-15 21:17 - 2012-10-21 18:24 - 00000000 ____D C:\Program Files\Common Files\Adobe

    ==================== Files in the root of some directories =======

    2015-09-13 08:42 - 2015-10-07 12:42 - 0000096 _____ () C:\Users\mark\AppData\Roaming\Camdata.ini
    2015-09-13 08:42 - 2015-10-07 12:42 - 0000408 _____ () C:\Users\mark\AppData\Roaming\CamLayout.ini
    2015-09-13 08:42 - 2015-10-07 12:42 - 0000408 _____ () C:\Users\mark\AppData\Roaming\CamShapes.ini
    2015-09-13 08:42 - 2015-10-07 12:42 - 0004558 _____ () C:\Users\mark\AppData\Roaming\CamStudio.cfg
    2013-05-03 08:14 - 2014-11-30 23:06 - 0000032 _____ () C:\Users\mark\AppData\Roaming\msregsvv.dll
    2014-03-07 23:28 - 2014-03-07 23:34 - 0000013 _____ () C:\Users\mark\AppData\Roaming\pref.ga
    2015-09-13 08:38 - 2015-10-07 12:42 - 0000096 _____ () C:\Users\mark\AppData\Roaming\version2.xml
    2015-11-11 05:25 - 2015-11-11 05:25 - 0000680 _____ () C:\Users\mark\AppData\Local\d3d9caps.dat
    2015-11-10 20:20 - 2015-11-11 05:25 - 0000680 _____ () C:\Users\mark\AppData\Local\d3d9caps.tmp
    2012-10-22 06:36 - 2015-06-28 07:57 - 0105984 _____ () C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-05-03 08:14 - 2014-11-30 23:06 - 0000032 _____ () C:\ProgramData\autobk.inc

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-13 18:31

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
    Ran by mark (2015-11-13 18:36:04)
    Running from C:\Users\mark\Desktop
    Microsoft Windows Vista Home Premium Service Pack 2 (X86) (2012-10-19 16:36:37)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2578409918-2136055275-2787630165-500 - Administrator - Disabled)
    Guest (S-1-5-21-2578409918-2136055275-2787630165-501 - Limited - Disabled)
    mark (S-1-5-21-2578409918-2136055275-2787630165-1000 - Administrator - Enabled) => C:\Users\mark
    UpdatusUser (S-1-5-21-2578409918-2136055275-2787630165-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AudioBox version 1.2 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.2 - PreSonus)
    Avast Free Antivirus (HKLM\...\avast) (Version: 11.1.2241 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
    Creative ALchemy (HKLM\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
    Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
    Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
    Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
    DigiTech RP250 Drivers (HKLM\...\DigiTech RP250 Drivers) (Version: 2.0 - DigiTech)
    DigiTech RP250 Drivers (Version: 2.0 - DigiTech) Hidden
    DigiTech X-Edit 2.4.1 (HKLM\...\{02DC3C69-02AF-47C2-9B68-AA2A69631CF8}) (Version: 2.4.1.2 - DigiTech)
    eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    EZdrummer (HKLM\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.3.3 - Toontrack)
    EZmix Lite 32-bit (HKLM\...\{FBEF356F-F310-47E6-8A08-AF95375CCB8B}) (Version: 2.0.7 - Toontrack)
    EZXCocktail (HKLM\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.2.4 - Toontrack)
    Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.3.8.820 - DVDVideoSoft Ltd.)
    Groove Monkee Big Easy Samples (HKLM\...\Groove Monkee Big Easy Samples) (Version: - Groove Monkee)
    Groove Monkee Blues Rock Samples (HKLM\...\Groove Monkee Blues Rock Samples) (Version: - Groove Monkee)
    Groove Monkee Blues Samples (HKLM\...\Groove Monkee Blues Samples) (Version: - Groove Monkee)
    Groove Monkee Breakbeats 1 Samples (HKLM\...\Groove Monkee Breakbeats 1 Samples) (Version: - Groove Monkee)
    Groove Monkee Country 2 Samples (HKLM\...\Groove Monkee Country 2 Samples) (Version: - Groove Monkee)
    Groove Monkee Electronic Samples (HKLM\...\Groove Monkee Electronic Samples) (Version: - Groove Monkee)
    Groove Monkee Funk Samples (HKLM\...\Groove Monkee Funk Samples) (Version: - Groove Monkee)
    Groove Monkee Fusion Samples (HKLM\...\Groove Monkee Fusion Samples) (Version: - Groove Monkee)
    Groove Monkee Hard Rock 1 Samples (HKLM\...\Groove Monkee Hard Rock 1 Samples) (Version: - Groove Monkee)
    Groove Monkee Jazz Samples (HKLM\...\Groove Monkee Jazz Samples) (Version: - Groove Monkee)
    Groove Monkee Metal 2 Samples (HKLM\...\Groove Monkee Metal 2 Samples) (Version: - Groove Monkee)
    Groove Monkee Power Rock Samples (HKLM\...\Groove Monkee Power Rock Samples) (Version: - Groove Monkee)
    Groove Monkee Producer Pack 2 Samples (HKLM\...\Groove Monkee Producer Pack 2 Samples) (Version: - Groove Monkee)
    Groove Monkee Progressive Samples (HKLM\...\Groove Monkee Progressive Samples) (Version: - Groove Monkee)
    Groove Monkee Punk Samples (HKLM\...\Groove Monkee Punk Samples) (Version: - Groove Monkee)
    Groove Monkee RB1 Samples (HKLM\...\Groove Monkee RB1 Samples) (Version: - Groove Monkee)
    Groove Monkee Rock 2 Samples (HKLM\...\Groove Monkee Rock 2 Samples) (Version: - Groove Monkee)
    Groove Monkee Rock 3 Samples (HKLM\...\Groove Monkee Rock 3 Samples) (Version: - Groove Monkee)
    Groove Monkee RockE1 Samples (HKLM\...\Groove Monkee RockE1 Samples) (Version: - Groove Monkee)
    Groove Monkee RockE2 Samples (HKLM\...\Groove Monkee RockE2 Samples) (Version: - Groove Monkee)
    Groove Monkee Twisted Samples (HKLM\...\Groove Monkee Twisted Samples) (Version: - Groove Monkee)
    Groove Monkee World Beats Samples (HKLM\...\Groove Monkee World Beats Samples) (Version: - Groove Monkee)
    IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
    iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
    Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Massey VST Demos (Remove only) (HKLM\...\Massey VST Demos) (Version: - )
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
    Native Instruments Abbey Road 60s Drums Vintage (HKLM\...\Native Instruments Abbey Road 60s Drums Vintage) (Version: - Native Instruments)
    Native Instruments Controller Editor (HKLM\...\Native Instruments Controller Editor) (Version: 1.5.4.1182 - Native Instruments)
    Native Instruments Guitar Rig 4 (HKLM\...\Native Instruments Guitar Rig 4) (Version: - Native Instruments)
    Native Instruments Guitar Rig Mobile I/O (HKLM\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
    Native Instruments Guitar Rig Session I/O (HKLM\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
    Native Instruments Komplete 7 Players (HKLM\...\Native Instruments Komplete 7 Players) (Version: - Native Instruments)
    Native Instruments Komplete Elements (HKLM\...\Native Instruments Komplete Elements) (Version: - Native Instruments)
    Native Instruments Kontakt 4 (HKLM\...\Native Instruments Kontakt 4) (Version: - Native Instruments)
    Native Instruments Kontakt Elements Selection R2 (HKLM\...\Native Instruments Kontakt Elements Selection R2) (Version: - Native Instruments)
    Native Instruments Kontakt Factory Selection (HKLM\...\Native Instruments Kontakt Factory Selection) (Version: - Native Instruments)
    Native Instruments Kore Player (HKLM\...\Native Instruments Kore Player) (Version: - Native Instruments)
    Native Instruments Mikro Prism (HKLM\...\Native Instruments Mikro Prism) (Version: - Native Instruments)
    Native Instruments Reaktor 5 (HKLM\...\Native Instruments Reaktor 5) (Version: - Native Instruments)
    Native Instruments Reaktor Elements Selection (HKLM\...\Native Instruments Reaktor Elements Selection) (Version: - Native Instruments)
    Native Instruments Reaktor Factory Selection (HKLM\...\Native Instruments Reaktor Factory Selection) (Version: - Native Instruments)
    Native Instruments Reaktor Spark R2 (HKLM\...\Native Instruments Reaktor Spark R2) (Version: - Native Instruments)
    Native Instruments Rig Kontrol 3 (HKLM\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
    Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version: - Native Instruments)
    NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
    NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
    PACE License Support Win32 (HKLM\...\InstallShield_{3165EA9B-36CC-499B-96FF-66FC30E10EF8}) (Version: 2.3.1.0494 - PACE Anti-Piracy, Inc.)
    PACE License Support Win32 (Version: 2.3.1.0494 - PACE Anti-Piracy, Inc.) Hidden
    Pedals VST (HKLM\...\Pedals VST) (Version: - )
    PreSonus Studio One 2 (HKLM\...\PreSonus Studio One 2) (Version: 2.6.5.30360 - PreSonus Audio Electronics)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Slice Audio File Splitter (HKLM\...\Slice) (Version: - NCH Software)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
    System Requirements Lab for Intel (HKLM\...\{0941583C-A10F-4FBB-9B1C-9178CE3BFDAF}) (Version: 4.5.23.0 - Husdawg, LLC)
    Toontrack solo (HKLM\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.3.2 - Toontrack)
    TT-Dynamic-Range 1.1 (HKLM\...\TT-Dynamic-Range 1.1) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    23-10-2015 07:17:04 avast! antivirus system restore point
    10-11-2015 16:41:46 ComboFix created restore point

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 04:23 - 2015-08-04 06:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {4C8FD088-B3A4-4131-9106-8B5D2A4A8884} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-10] (AVAST Software)
    Task: {6E33666C-A08E-4EFB-8C2F-C4C763F57488} - System32\Tasks\avastBCLRestartS-1-5-21-2578409918-2136055275-2787630165-1000 => Firefox.exe
    Task: {6EA60806-8B7E-4539-A56B-B2B814A53B6E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2578409918-2136055275-2787630165-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
    Task: {8DEDC8F6-3801-41F4-A2F1-2A02036D0BE8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
    Task: {EEED73F1-569C-4B18-84BD-865EB6DFCB2E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2578409918-2136055275-2787630165-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-19 07:12 - 2015-11-10 10:50 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-04-19 07:12 - 2015-11-10 10:50 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-11-13 14:30 - 2015-11-13 14:30 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111302\algo.dll
    2015-11-10 10:50 - 2015-11-10 10:50 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2015-03-13 13:02 - 2015-11-10 10:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C
    AlternateDataStreams: C:\ProgramData:6C06D612AA2581CA
    AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C
    AlternateDataStreams: C:\Users\All Users:6C06D612AA2581CA
    AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C
    AlternateDataStreams: C:\ProgramData\Application Data:6C06D612AA2581CA

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\tiger_in_snow-1600x900.jpg
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
    MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
    MSCONFIG\Services: CTAudSvcService => 2
    MSCONFIG\Services: dlbu_device => 2
    MSCONFIG\Services: EMDMgmt => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LBTServ => 3
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: NIHardwareService => 2
    MSCONFIG\Services: nvsvc => 2
    MSCONFIG\Services: nvUpdatusService => 2
    MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
    MSCONFIG\Services: Stereo Service => 2
    MSCONFIG\Services: TabletInputService => 2
    MSCONFIG\Services: TapiSrv => 3
    MSCONFIG\Services: wercplsupport => 3
    MSCONFIG\Services: WMPNetworkSvc => 3
    MSCONFIG\Services: WPDBusEnum => 2
    MSCONFIG\Services: wscsvc => 2
    MSCONFIG\startupfolder: C:^Users^mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: DLBUCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
    MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
    MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{2E85EAF1-AE0C-446C-93BE-0A61A5E1FB01}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6D63AFA9-48D1-401F-A408-FA2255985AFF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{FE738EF9-98D9-43CF-8D4F-FBA3D8D992A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{D6001DE4-1D83-4812-A9C7-756EDBF077E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{9E225086-0E22-4098-AD8D-BCC7498F0AB4}] => (Allow) LPort=80
    FirewallRules: [{E1DBAB75-865E-4E25-8F73-FA62D6BF8C93}] => (Allow) LPort=80
    FirewallRules: [{67748C2A-52D3-437E-8E73-AB6DFAFD2EE6}] => (Allow) LPort=80
    FirewallRules: [TCP Query User{4F78EF53-370B-477D-ACED-36D0A5DF605A}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
    FirewallRules: [UDP Query User{7E58BFB3-19EE-4B9E-8597-8C92EA530998}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
    FirewallRules: [{2F5CFC77-2698-4AAE-91A1-94C5105CD56D}] => (Allow) LPort=94
    FirewallRules: [{B359C11B-0138-4ED0-983E-C9D9BCA17082}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{B5091572-F1EA-43D2-88CF-2949BA1CC729}] => (Allow) C:\Windows\System32\dlbucoms.exe
    FirewallRules: [{BBBA1E2A-B3DC-4738-98D2-51DE8F1971D0}] => (Allow) C:\Windows\System32\dlbucoms.exe
    FirewallRules: [TCP Query User{ADB77C9B-8D82-493D-AEF4-61868B85074E}C:\program files\presonus\studio one 2\studio one.exe] => (Allow) C:\program files\presonus\studio one 2\studio one.exe
    FirewallRules: [UDP Query User{F8719520-B34F-4800-A9E0-F0DB5EBB49BC}C:\program files\presonus\studio one 2\studio one.exe] => (Allow) C:\program files\presonus\studio one 2\studio one.exe
    FirewallRules: [{609E4B8F-4F9E-48B6-8F7D-613084C58064}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{0F7CA079-147A-4076-9B1F-AB4CD93D22B8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{51D9DA87-4790-458C-BF65-0D8CAEEBEE20}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{4C87197E-4A1A-4F39-BE06-739EB76CBEB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{989D3A5A-7ECE-461A-9B9F-112928581425}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{8D39BBCE-4BE8-405D-8807-48B3B50060A2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft 6to4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft 6to4 Adapter #2
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/13/2015 06:31:50 PM) (Source: LoadPerf) (EventID: 3002) (User: )

    Error: (11/13/2015 03:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\MARK\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QP4CYDFL.DEFAULT-1439305111912\CACHE2\DOOMED> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (11/13/2015 03:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\MARK\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QP4CYDFL.DEFAULT-1439305111912\CACHE2\DOOMED> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (11/13/2015 03:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\MARK\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QP4CYDFL.DEFAULT-1439305111912\CACHE2\ENTRIES> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (11/13/2015 03:22:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\MARK\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QP4CYDFL.DEFAULT-1439305111912\CACHE2\ENTRIES> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (11/13/2015 03:08:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\MARK\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\DESKTOP.INI> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (11/13/2015 02:23:08 PM) (Source: LoadPerf) (EventID: 3002) (User: )

    Error: (11/13/2015 11:19:51 AM) (Source: ESENT) (EventID: 447) (User: )
    Description: Windows (2332) Windows: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 16, PgnoRoot: 457) of database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (12342 => 10320, Windows0).

    Error: (11/13/2015 10:57:05 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application SearchProtocolHost.exe, version 7.0.6002.18005, time stamp 0x49e0244d, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc000012d, fault offset 0x00009f5d,
    process id 0x17d4, application start time 0xSearchProtocolHost.exe0.

    Error: (11/13/2015 10:22:47 AM) (Source: LoadPerf) (EventID: 3002) (User: )


    System errors:
    =============
    Error: (11/13/2015 06:36:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058

    Error: (11/13/2015 06:36:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Remote Access Connection ManagerTelephony%%1058


    CodeIntegrity:
    ===================================
    Date: 2015-11-13 18:34:44.660
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-13 18:34:44.377
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-13 18:34:44.056
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-13 18:34:43.695
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:01.488
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:01.207
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:00.958
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:00.708
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:00.459
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-12 22:21:00.209
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
    Percentage of memory in use: 69%
    Total physical RAM: 3069.21 MB
    Available physical RAM: 947.28 MB
    Total Virtual: 3007.47 MB
    Available Virtual: 499.19 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:179.24 GB) (Free:25.37 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive e: () (Fixed) (Total:43.55 GB) (Free:22.09 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 10000000)
    Partition 1: (Active) - (Size=179.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=43.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  5. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    Did you run ComboFix? I'd like to see the log report. You can find it here ===> C:\ComboFix.txt <=====. Please post it first, then follow the rest of the instructions.

    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\mark\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 yeddef; System32\Drivers\yeddef.sys [X]
    AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C
    AlternateDataStreams: C:\ProgramData:6C06D612AA2581CA
    AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C
    AlternateDataStreams: C:\Users\All Users:6C06D612AA2581CA
    AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C
    AlternateDataStreams: C:\ProgramData\Application Data:6C06D612AA2581CA
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fixlist.txt to your Desktop (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • The report will be saved in the C:\AdwCleaner folder.

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post;

    • Fixlog.txt
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log

  6. #6
    Member
    Join Date
    Jul 2012
    Posts
    32
    Points
    0

    Default

    Yes, I ran it a couple of days ago. Here is the report. Thanks again for the help.

    ComboFix 15-11-09.01 - mark 11/10/2015 16:44:54.4.2 - x86
    Microsoft Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2007 [GMT -6:00]
    Running from: c:\users\mark\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-10-10 to 2015-11-10 )))))))))))))))))))))))))))))))
    .
    .
    2015-11-10 22:57 . 2015-11-10 22:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2015-11-10 22:57 . 2015-11-10 22:57 -------- d-----w- c:\users\Public\AppData\Local\temp
    2015-11-10 22:57 . 2015-11-10 22:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-11-10 19:01 . 2015-11-10 19:26 -------- d-----w- C:\snapshots
    2015-11-10 16:50 . 2015-11-10 16:50 322760 ----a-w- c:\windows\system32\aswBoot.exe
    2015-11-10 16:50 . 2015-11-10 16:50 43112 ----a-w- c:\windows\avastSS.scr
    2015-11-10 15:02 . 2015-11-10 15:03 -------- d-----w- c:\users\mark\AppData\Local\EukuWmow
    2015-11-10 15:02 . 2015-11-10 15:03 -------- d--h--w- c:\programdata\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-11-10 16:50 . 2015-08-01 04:28 167152 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
    2015-11-10 16:50 . 2014-05-08 13:41 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-11-10 16:50 . 2013-03-06 15:33 435464 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-11-10 16:50 . 2013-03-06 15:33 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2015-11-10 16:50 . 2013-03-06 15:33 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2015-11-10 16:50 . 2013-03-06 15:33 81168 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-11-10 16:50 . 2013-03-06 15:33 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-11-10 16:50 . 2013-03-06 15:33 209432 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-11-10 16:49 . 2013-03-06 15:33 794952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2015-11-10 16:49 . 2015-08-01 04:27 121368 ----a-w- c:\windows\system32\drivers\ngvss.sys
    2015-11-10 15:23 . 2014-05-19 14:55 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-10-19 03:08 . 2012-10-19 17:29 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-10-19 03:08 . 2012-10-19 17:29 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-10-17 14:25 . 2013-02-19 22:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2015-10-05 14:50 . 2014-05-19 14:55 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-10-05 14:50 . 2014-05-19 14:55 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-10-05 14:50 . 2013-04-15 23:58 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-11-10 16:50 749192 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-10 7004376]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2015-09-14 14:25 1045720 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2015-03-20 23:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLBUCATS]
    2007-02-12 22:36 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlbutime.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 06:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
    2014-05-19 20:35 2303256 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2015-04-07 05:29 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17RunE]
    2008-03-28 14:57 14848 ----a-w- c:\windows\System32\P17RunE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2014-10-02 20:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2015-06-09 00:08 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2013-06-14 04:16 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 06:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 06:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2578409918-2136055275-2787630165-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 03:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = https://www.google.com/?trackid=sp-006
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\qp4cydfl.default-1439305111912\
    FF - prefs.js: browser.startup.homepage - Google
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2015-11-10 16:57
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PaceLicenseDServices]
    "ImagePath"="\"c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe\" -u https://activation.paceap.com/InitiateActivation"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2578409918-2136055275-2787630165-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F0B6534C-E7ED-E506-1203-E1BD4741C6A6}*]
    "oafpmfnekciinidljdpjapllioplnn"=hex:6b,61,6a,6b,69,6b,68,66,6f,6b,66,6f,6d,6a,
    68,64,62,68,6d,6c,6d,61,00,00
    "napggdpgbppaoofeochgjbocfpfa"=hex:6b,61,6a,6b,69,6b,68,66,6f,6b,66,6f,6d,6a,
    68,64,62,68,6d,6c,6d,61,00,00
    .
    [HKEY_USERS\S-1-5-21-2578409918-2136055275-2787630165-1000_Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}\InprocServer32]
    @Denied: (C D 2 3 6) (CreatorAuthority-4)
    @Denied: (C D 2 3 6) (Everyone)
    @Allowed: (Read) (S-1-5-21-2578409918-2136055275-2787630165-1000)
    @SACL=(02 0001)
    @Ace=(0x11) (1 3) (S-1-16-12288)
    "ThreadingModel"="Apartment"
    @="c:\\ProgramData\\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\\getuname.dll"
    .
    [HKEY_USERS\S-1-5-21-2578409918-2136055275-2787630165-1000_Classes\Drive\ShellEx\FolderExtensions\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}]
    @Denied: (C D 2 3 6) (CreatorAuthority-4)
    @Denied: (C D 2 3 6) (Everyone)
    @Allowed: (Read) (S-1-5-21-2578409918-2136055275-2787630165-1000)
    @SACL=(02 0001)
    @Ace=(0x11) (1 3) (S-1-16-12288)
    "DriveMask"=dword:ffffffff
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}\InprocServer32]
    @Denied: (C D 2 3 6) (CreatorAuthority-4)
    @Denied: (C D 2 3 6) (Everyone)
    @SACL=(02 0001)
    @Ace=(0x11) (1 3) (S-1-16-12288)
    "ThreadingModel"="Apartment"
    @="c:\\ProgramData\\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\\getuname.dll"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}]
    @Denied: (C D 2 3 6) (CreatorAuthority-4)
    @Denied: (C D 2 3 6) (Everyone)
    @SACL=(02 0001)
    @Ace=(0x11) (1 3) (S-1-16-12288)
    "DriveMask"=dword:ffffffff
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2015-11-10 17:02:09
    ComboFix-quarantined-files.txt 2015-11-10 23:01
    ComboFix2.txt 2015-08-04 12:20
    ComboFix3.txt 2013-10-26 05:43
    ComboFix4.txt 2013-01-22 01:14
    .
    Pre-Run: 29,829,341,184 bytes free
    Post-Run: 28,491,329,536 bytes free
    .
    - - End Of File - - 7058B995C003D9D3E1E95F4FF6825614
    5C616939100B85E558DA92B899A0FC36

  7. #7
    Member
    Join Date
    Jul 2012
    Posts
    32
    Points
    0

    Default

    Here are the items requested, hope they help as the problem continues.
    Thanks, Mark

    Fix result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
    Ran by mark (2015-11-13 23:13:58) Run:1
    Running from C:\Users\mark\Desktop
    Loaded Profiles: mark (Available Profiles: mark & UpdatusUser)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-59a7d624&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2578409918-2136055275-2787630165-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\mark\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 yeddef; System32\Drivers\yeddef.sys [X]
    AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C
    AlternateDataStreams: C:\ProgramData:6C06D612AA2581CA
    AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C
    AlternateDataStreams: C:\Users\All Users:6C06D612AA2581CA
    AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C
    AlternateDataStreams: C:\ProgramData\Application Data:6C06D612AA2581CA
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    "HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully.
    HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9}" => key removed successfully.
    HKCR\CLSID\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} => key not found.
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    "HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    blbdrive => service removed successfully.
    catchme => service removed successfully.
    IpInIp => service removed successfully.
    NwlnkFlt => service removed successfully.
    NwlnkFwd => service removed successfully.
    yeddef => service removed successfully.
    C:\ProgramData => ":482EE99B1E21CE8C" ADS removed successfully..
    C:\ProgramData => ":6C06D612AA2581CA" ADS removed successfully..
    "C:\Users\All Users" => ":482EE99B1E21CE8C" ADS not found.
    "C:\Users\All Users" => ":6C06D612AA2581CA" ADS not found.
    "C:\ProgramData\Application Data" => ":482EE99B1E21CE8C" ADS not found.
    "C:\ProgramData\Application Data" => ":6C06D612AA2581CA" ADS not found.

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.0.6001 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
    HKU\S-1-5-21-2578409918-2136055275-2787630165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    # AdwCleaner v5.020 - Logfile created 14/11/2015 at 08:58:02
    # Updated 13/11/2015 by Xplode
    # Database : 2015-11-13.3 [Server]
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
    # Username : mark - MARK-PC
    # Running from : C:\Users\mark\Desktop\adwcleaner_5.020.exe
    # Option : Cleaning
    # Support : Forum - ToolsLib

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Users\mark\AppData\Local\PackageAware
    [-] Folder Deleted : C:\Users\mark\AppData\Roaming\ExpressFiles
    [x] Folder Not Deleted : C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\qp4cydfl.default-1439305111912\Extensions\anttoolbar@ant.com

    ***** [ Files ] *****

    [-] File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
    [-] File Deleted : C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eiimolhnbbbdagljikeckdkldgemmmlj_0.localstorage

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : Express FilesUpdate

    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    [-] Key Deleted : HKCU\Software\ExpressFiles
    [-] Key Deleted : HKCU\Software\DownLite
    [-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
    [-] Key Deleted : HKLM\SOFTWARE\ExpressFiles
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ExpressFiles
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

    ***** [ Web browsers ] *****

    [-] [C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearchresults.com
    [-] [C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2598 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by mark on Sat 11/14/2015 at 9:11:07.16
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\Windows\System32\tasks\0



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update lucky leap



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\Users\mark\Appdata\Local\cre



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\mark\AppData\Roaming\mozilla\firefox\profiles\qp4cydfl.default-1439305111912\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
    Successfully deleted: [File] C:\Users\mark\AppData\Roaming\mozilla\firefox\profiles\qp4cydfl.default-1439305111912\searchplugins\youtube-video-search.xml
    Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\mozilla\firefox\profiles\qp4cydfl.default-1439305111912\extensions\anttoolbar@ant.com
    Emptied folder: C:\Users\mark\AppData\Roaming\mozilla\firefox\profiles\qp4cydfl.default-1439305111912\minidumps [10 files]



    ~~~ Chrome


    [C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 11/14/2015 at 9:31:31.63
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  8. #8
    Member Spyware Fighter zep516's Avatar

    Hello,

    You're using Firefox, correct? Let's reset it.

    How to reset Firefox:

    • Click the menu button and then click Help.
    • From the Help menu choose Troubleshooting Information. ...
    • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
    • To continue, click Reset Firefox in the confirmation window that opens.


    Next

    Please download TDSSKiller by Kaspersky and save it to your desktop.

    • Right-click on icon and select Run as Administrator to start the tool.
    • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
    • Your machine may appear very slow and unusable after that - it's normal.
    • TDSSKiller will run automatically. Click on Change parameters and click OK.
    • Click the Start Scan button and wait patiently.


    If anything is found, follow these guidelines:
    • If a suspicious object is detected, the default action will be Skip, click on Continue.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      If Cure is not available, please choose Skip instead.
    • Do not choose Delete unless instructed!



    Let me know how things are after resetting Firefox.

    Joe

  9. #9
    Member

    Hey Joe,
    Firefox works fine and no threats found with TDSSKiller. I'm still getting the pop-ups from Avast about threats being blocked. BTW, on my original post, did you get the jpegs of the Avast messages? I was not sure about attachments.

  10. #10
    Member Spyware Fighter zep516's Avatar

    I did not get the attachments and would like to see them.

    Is this what we are getting: a popup that says "Malware Blocked" or "avast! Web Shield has blocked a harmful webpage or URL"?

    Have you run Malwarebytes?
