Infected with coupon alert


Hi

 

My PC appears to be infected with Coupon Alert, which Malwarebytes Premium is not detecting. Also, Malwarebytes constantly stops working even after reloading. I also get an error message when it reboots on removal of threats.

I have run Farbar with the following reports:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by Dad (administrator) on DADSPC on 14-07-2014 19:04:55
Running from C:\Users\Dad\Downloads
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Systweak Inc., (www.systweak.com)) C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe
(Reimage®) C:\Program Files\eFix\eFix Pro\ReiGuard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Virgin Media) C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Gemalto N.V.) C:\Users\Dad\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\Advanced System Optimizer 3\MemoryOptimizer.exe
(Avid Development GmbH) C:\Program Files (x86)\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Creative Technology Ltd.) C:\Windows\V0230Mon.exe
(Virgin Media) C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
(Virgin Media) C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-03-03] (Eastman Kodak Company)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-01-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [updateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [updateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-09] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-09] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [V0230Mon.exe] => C:\Windows\V0230Mon.exe [32768 2006-09-07] (Creative Technology Ltd.)
HKLM-x32\...\Run: [serviceManager.exe] => C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe [10200376 2011-11-16] (Virgin Media)
HKLM-x32\...\Run: [DHSClient.exe] => C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe [2032952 2011-03-23] (Virgin Media)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Users\Charlie\Desktop\PowerISO\PWRISOVM.EXE [336992 2012-05-31] (Power Software Ltd)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [sSDMonitor] => "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
HKLM-x32\...\Run: [RMAlert] => "C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe" /PRODUCT=RM /R
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-10] (AVAST Software)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2010-06-10] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-22] (Google Inc.)
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Run: [sanDiskSecureAccess_Manager.exe] => C:\Users\Dad\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-06-30] (Valve Corporation)
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Run: [uTorrent] => C:\Users\Charlie\Desktop\uTorrent.exe [1021840 2012-06-23] (BitTorrent, Inc.)
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Run: [Advanced System Optimizer - Memory Optimizer] => c:\program files (x86)\advanced system optimizer 3\memoryoptimizer.exe [166184 2013-03-05] (Systweak Software, (www.systweak.com))
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\MountPoints2: F - F:\INSTALL.EXE
HKU\S-1-5-21-3056196216-2092468813-2006533984-1000\...\MountPoints2: {1922050b-764d-11e1-a0a2-00261855f3fe} - K:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Pinnacle Streaming Server.lnk
ShortcutTarget: Pinnacle Streaming Server.lnk -> C:\Program Files (x86)\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe (Avid Development GmbH)
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jeana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0FB88D08E316CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {42F468CA-F130-46F1-90B5-2B3549DB8C6D} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {42F468CA-F130-46F1-90B5-2B3549DB8C6D} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
BHO: ROiyalCoUpON -> {019FAF3C-E997-337A-D411-186A99EAACA3} -> C:\ProgramData\ROiyalCoUpON\VrRVChh.x64.dll No File
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll No File
BHO: SalesMMAgnett -> {4F55D6F9-D97A-AD82-6B63-2DEBA5503C6E} -> C:\ProgramData\SalesMMAgnett\x6.x64.dll No File
BHO: FinoeDealSoft -> {4F9C5E41-28C3-47F4-E4B2-3BFEF017AA73} -> C:\ProgramData\FinoeDealSoft\inowUyAB8.x64.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll No File
BHO: dieoall4me -> {C0CEBD58-D06F-A919-0924-6C42BC567B8C} -> C:\ProgramData\dieoall4me\aHX39l.x64.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll No File
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll No File
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-06-11] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\znsta0r5.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\znsta0r5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-03]
FF Extension: MediaBar - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\znsta0r5.default\Extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2011-02-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010-02-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-22]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-05]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-10]
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-04]
CHR Extension: (Google Search) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-04]
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2012-06-30]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-07-03]
CHR Extension: (Gmail) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Virgin Media\Service Manager\ChromeExtension.crx [2012-01-29]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 ASO3DiskOptimizer; C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [264488 2013-03-05] (Systweak Software, (www.systweak.com))
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-09-15] (Microsoft Corp.)
R2 DSUDiskOptimizer; C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe [690488 2012-02-16] (Systweak Inc., (www.systweak.com))
R2 eFixRealTimeProtection; C:\Program Files\eFix\eFix Pro\ReiGuard.exe [5100392 2014-01-16] (Reimage®)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-01-04] (EasyBits Sofware AS) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-14] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-12] (SurfRight B.V.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R2 HsdService; C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [1406264 2011-03-23] (Virgin Media)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2010-06-28] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 ServicepointService; C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [10310968 2011-11-16] (Radialpoint SafeCare Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]
S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2011-04-27] (Google Inc)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-10] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-07-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-10] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-14] ()
S3 Ltn_stk7070P_64; C:\Windows\System32\DRIVERS\Ltn_stk7070P_64.sys [543232 2007-06-14] (LITEON)
S3 Ltn_stkrc_64; C:\Windows\System32\DRIVERS\Ltn_stkrc_64.sys [16256 2007-06-13] (LITEON)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [167456 2008-11-12] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [194640 2010-09-17] (Trend Micro Inc.)
S3 V0230Vfx; C:\Windows\System32\DRIVERS\V0230Vfx.sys [10752 2006-05-05] (EyePower Games Pte. Ltd.)
S3 V0230VID; C:\Windows\System32\DRIVERS\V0230VID.sys [595488 2007-08-07] (Creative Technology Ltd.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-03-19] (CyberLink Corp.)
S3 dump_wmimmc; \??\c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-14 19:04 - 2014-07-14 19:05 - 00035705 _____ () C:\Users\Dad\Downloads\FRST.txt
2014-07-14 19:04 - 2014-07-14 19:05 - 00000000 ____D () C:\FRST
2014-07-14 19:03 - 2014-07-14 19:03 - 02086912 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2014-07-14 18:30 - 2014-07-14 18:30 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-14 18:17 - 2014-07-14 18:17 - 00001734 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-14 18:17 - 2014-07-14 18:17 - 00001352 _____ () C:\Users\Dad\Desktop\hitmanpro_x64 (1) - Shortcut.lnk
2014-07-14 18:17 - 2014-07-14 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-14 18:17 - 2014-07-14 18:17 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-14 18:14 - 2014-07-14 18:50 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-14 18:14 - 2014-07-14 18:14 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-14 18:14 - 2014-07-14 18:14 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-07-14 18:14 - 2014-07-14 18:14 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-14 18:14 - 2014-07-14 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-14 18:14 - 2014-07-14 18:14 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-12 20:04 - 2014-07-12 20:04 - 00001205 _____ () C:\Users\Dad\Downloads\FixNCR.reg
2014-07-12 17:55 - 2014-07-14 18:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-12 17:55 - 2014-07-12 17:55 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-12 17:55 - 2014-07-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-12 17:55 - 2014-07-12 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-12 17:55 - 2014-07-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-12 17:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-12 17:55 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-12 17:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-12 17:53 - 2014-07-12 17:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dad\Downloads\mbam-consumer (2).exe
2014-07-12 17:52 - 2014-07-12 17:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dad\Downloads\mbam-consumer (1).exe
2014-07-12 17:44 - 2014-07-12 17:44 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Dad\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-12 17:06 - 2014-07-12 17:25 - 00000340 _____ () C:\Windows\system32\.crusader
2014-07-12 16:52 - 2014-07-12 17:09 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-12 16:52 - 2014-07-12 16:52 - 11185664 _____ (SurfRight B.V.) C:\Users\Dad\Downloads\hitmanpro_x64 (1).exe
2014-07-12 16:51 - 2014-07-12 16:51 - 11185664 _____ (SurfRight B.V.) C:\Users\Dad\Downloads\hitmanpro_x64.exe
2014-07-12 16:50 - 2014-07-12 16:50 - 01876816 _____ (SurfRight B.V.) C:\Users\Dad\Desktop\hmpalert.exe
2014-07-10 22:09 - 2014-07-10 22:09 - 00000000 ____D () C:\Users\Jeana\AppData\Roaming\AVAST Software
2014-07-10 22:05 - 2014-07-14 18:42 - 00070094 _____ () C:\Windows\PFRO.log
2014-07-10 17:31 - 2014-07-10 17:31 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\DropboxMaster
2014-07-10 17:30 - 2014-07-10 17:30 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-10 17:29 - 2014-07-10 17:31 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Dropbox
2014-07-10 17:25 - 2014-07-10 17:25 - 00001831 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-10 17:25 - 2014-07-10 17:25 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\AVAST Software
2014-07-10 17:25 - 2014-07-10 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-10 17:24 - 2014-07-12 17:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-10 17:21 - 2014-07-10 17:24 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-10 17:21 - 2014-07-10 17:20 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-10 17:21 - 2014-07-10 17:20 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-10 17:21 - 2014-07-10 17:20 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-10 17:21 - 2014-07-10 17:20 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-10 17:21 - 2014-07-10 17:20 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-10 17:21 - 2014-07-10 17:20 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-10 17:21 - 2014-07-10 17:20 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-10 17:20 - 2014-07-10 17:20 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-10 17:20 - 2014-07-10 17:20 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-10 17:18 - 2014-07-10 17:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-10 17:16 - 2014-07-10 17:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-10 17:16 - 2014-07-10 17:16 - 04862664 _____ (AVAST Software) C:\Users\Dad\Downloads\avast_free_antivirus_setup_online.exe
2014-07-09 23:19 - 2014-07-10 07:51 - 00000000 ____D () C:\Program Files (x86)\Coupon Alert Removal Tool
2014-07-09 23:17 - 2014-07-09 23:18 - 03250240 _____ (Security Stronghold ) C:\Users\Dad\Downloads\CouponAlertRemovalTool.exe
2014-07-09 23:11 - 2014-07-10 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-09 23:11 - 2014-07-10 07:48 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-09 23:10 - 2014-07-09 23:11 - 15847248 _____ (Anvisoft) C:\Users\Dad\Downloads\csbsetup.exe
2014-07-09 22:59 - 2014-07-09 22:59 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Systweak
2014-07-09 21:11 - 2014-06-07 03:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 21:11 - 2014-06-07 03:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 21:11 - 2014-06-07 03:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 21:11 - 2014-06-07 03:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 21:11 - 2014-06-07 03:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 21:11 - 2014-06-07 01:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 21:11 - 2014-06-07 00:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 21:11 - 2014-06-07 00:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 21:11 - 2014-06-06 23:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 21:11 - 2014-06-06 23:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 21:11 - 2014-06-06 23:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 21:11 - 2014-06-06 23:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 21:11 - 2014-06-06 23:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 21:11 - 2014-06-06 23:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 21:10 - 2014-06-07 05:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 21:10 - 2014-06-07 04:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 21:10 - 2014-06-07 03:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 21:10 - 2014-06-07 03:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 21:10 - 2014-06-07 03:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 21:10 - 2014-06-07 03:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 21:10 - 2014-06-07 03:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 21:10 - 2014-06-07 03:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 21:10 - 2014-06-07 03:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 21:10 - 2014-06-07 03:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 21:10 - 2014-06-07 03:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 21:10 - 2014-06-07 03:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 21:10 - 2014-06-07 03:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 21:10 - 2014-06-07 03:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 21:10 - 2014-06-07 03:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 21:10 - 2014-06-07 03:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 21:10 - 2014-06-07 00:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 21:10 - 2014-06-07 00:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 21:10 - 2014-06-07 00:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 21:10 - 2014-06-07 00:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-09 21:10 - 2014-06-06 23:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 21:10 - 2014-06-06 23:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 21:10 - 2014-06-06 23:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 21:10 - 2014-06-06 23:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 21:10 - 2014-06-06 23:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-09 21:10 - 2014-06-06 23:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 21:10 - 2014-06-06 23:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-09 21:10 - 2014-06-06 23:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-09 21:09 - 2014-06-07 01:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 21:09 - 2014-06-06 09:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 21:09 - 2014-06-06 08:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 21:09 - 2014-05-30 08:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 19:01 - 2014-07-09 19:01 - 00005459 _____ () C:\Users\Dad\Desktop\JRT.txt
2014-07-09 18:33 - 2014-07-09 18:33 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 18:32 - 2014-07-09 18:33 - 01016261 _____ (Thisisu) C:\Users\Dad\Downloads\JRT.exe
2014-07-09 08:08 - 2014-07-09 08:08 - 01348263 _____ () C:\Users\Dad\Downloads\adwcleaner_3.215 (1).exe
2014-07-09 07:53 - 2014-07-09 07:53 - 01348263 _____ () C:\Users\Dad\Downloads\adwcleaner_3.215.exe
2014-07-04 16:31 - 2014-07-04 16:31 - 00001886 _____ () C:\Users\Jeana\Downloads\No Subject.eml
2014-07-04 08:30 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2014-07-04 08:30 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2014-07-04 08:30 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2014-07-04 08:30 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2014-07-04 08:29 - 2014-07-04 08:29 - 03250240 _____ (Security Stronghold ) C:\Users\Dad\Downloads\CouponAlertsRemovalTool.exe
2014-07-03 17:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-03 17:46 - 2014-07-09 08:12 - 00000000 ____D () C:\AdwCleaner
2014-07-03 17:45 - 2014-07-03 17:45 - 01346519 _____ () C:\Users\Dad\Downloads\adwcleaner_3.214.exe
2014-06-29 17:40 - 2014-06-29 17:40 - 00000594 _____ () C:\Users\Jeana\Downloads\download (9) - Shortcut ().lnk
2014-06-29 17:40 - 2014-06-29 17:40 - 00000594 _____ () C:\Users\Jeana\Downloads\download (8) - Shortcut ().lnk
2014-06-29 17:40 - 2014-06-29 17:40 - 00000594 _____ () C:\Users\Jeana\Downloads\download (7) - Shortcut ().lnk
2014-06-29 17:40 - 2014-06-29 17:40 - 00000594 _____ () C:\Users\Jeana\Downloads\download (11) - Shortcut ().lnk
2014-06-29 17:40 - 2014-06-29 17:40 - 00000594 _____ () C:\Users\Jeana\Downloads\download (10) - Shortcut ().lnk
2014-06-29 17:39 - 2014-06-29 17:39 - 00000594 _____ () C:\Users\Jeana\Downloads\download (6) - Shortcut ().lnk
2014-06-29 17:39 - 2014-06-29 17:39 - 00000594 _____ () C:\Users\Jeana\Downloads\download (5) - Shortcut ().lnk
2014-06-29 17:39 - 2014-06-29 17:39 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (7).lnk
2014-06-29 17:39 - 2014-06-29 17:39 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (6).lnk
2014-06-29 17:38 - 2014-06-29 17:38 - 00000594 _____ () C:\Users\Jeana\Downloads\download (4) - Shortcut ().lnk
2014-06-29 17:38 - 2014-06-29 17:38 - 00000594 _____ () C:\Users\Jeana\Downloads\download (3) - Shortcut ().lnk
2014-06-29 17:38 - 2014-06-29 17:38 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (5).lnk
2014-06-29 17:37 - 2014-06-29 17:37 - 00000594 _____ () C:\Users\Jeana\Downloads\download (2) - Shortcut ().lnk
2014-06-29 17:37 - 2014-06-29 17:37 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (4).lnk
2014-06-29 17:37 - 2014-06-29 17:37 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (3).lnk
2014-06-29 17:36 - 2014-06-29 17:36 - 00000594 _____ () C:\Users\Jeana\Downloads\download (4) - Shortcut.lnk
2014-06-29 17:36 - 2014-06-29 17:36 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (2).lnk
2014-06-29 17:35 - 2014-06-29 17:35 - 00000594 _____ () C:\Users\Jeana\Downloads\download (3) - Shortcut.lnk
2014-06-29 17:35 - 2014-06-29 17:35 - 00000594 _____ () C:\Users\Jeana\Downloads\download (2) - Shortcut.lnk
2014-06-29 17:35 - 2014-06-29 17:35 - 00000594 _____ () C:\Users\Jeana\Downloads\download (1) - Shortcut.lnk
2014-06-29 17:35 - 2014-06-29 17:35 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut.lnk
2014-06-29 17:33 - 2014-06-29 17:33 - 00043248 _____ () C:\Users\Jeana\Downloads\download.rar
2014-06-29 17:16 - 2014-06-29 17:16 - 00205553 _____ () C:\Users\Jeana\Downloads\download (3).htm
2014-06-29 17:16 - 2014-06-29 17:16 - 00205416 _____ () C:\Users\Jeana\Downloads\download (4).htm
2014-06-29 17:15 - 2014-06-29 17:15 - 00341996 _____ () C:\Users\Jeana\Downloads\Outlook.com - jeanaellis@hotmail.com.htm
2014-06-29 17:15 - 2014-06-29 17:15 - 00205551 _____ () C:\Users\Jeana\Downloads\download (2).htm
2014-06-29 17:15 - 2014-06-29 17:15 - 00205551 _____ () C:\Users\Jeana\Downloads\download (1).htm
2014-06-29 17:15 - 2014-06-29 17:15 - 00205419 _____ () C:\Users\Jeana\Downloads\download.htm
2014-06-29 17:14 - 2014-06-29 17:15 - 00000000 ____D () C:\Users\Jeana\Downloads\Outlook.com - jeanaellis@hotmail.com_files
2014-06-29 16:27 - 2014-06-29 16:28 - 02390822 _____ () C:\Users\Jeana\Downloads\Outlook.com.zip
 
==================== One Month Modified Files and Folders =======
 
2014-07-14 19:05 - 2014-07-14 19:04 - 00035705 _____ () C:\Users\Dad\Downloads\FRST.txt
2014-07-14 19:05 - 2014-07-14 19:04 - 00000000 ____D () C:\FRST
2014-07-14 19:03 - 2014-07-14 19:03 - 02086912 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2014-07-14 18:52 - 2009-07-13 22:05 - 00003570 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-07-14 18:51 - 2010-05-26 17:43 - 00000000 ____D () C:\ProgramData\Radialpoint
2014-07-14 18:51 - 2009-09-05 13:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-14 18:50 - 2014-07-14 18:14 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-14 18:49 - 2014-07-12 17:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 18:49 - 2013-05-27 00:55 - 00000418 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-07-14 18:49 - 2010-09-22 21:38 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-14 18:49 - 2009-09-10 17:38 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-07-14 18:47 - 2009-07-13 22:03 - 01582151 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 18:46 - 2012-06-26 20:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-14 18:45 - 2006-11-02 16:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-14 18:42 - 2014-07-10 22:05 - 00070094 _____ () C:\Windows\PFRO.log
2014-07-14 18:42 - 2010-12-24 16:21 - 00000300 _____ () C:\Windows\Tasks\BearShareNAG.job
2014-07-14 18:42 - 2009-09-12 14:04 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-14 18:42 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-14 18:42 - 2006-11-02 16:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 18:42 - 2006-11-02 16:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 18:41 - 2006-11-02 16:42 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-14 18:30 - 2014-07-14 18:30 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-14 18:29 - 2010-09-22 21:38 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 18:17 - 2014-07-14 18:17 - 00001734 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-14 18:17 - 2014-07-14 18:17 - 00001352 _____ () C:\Users\Dad\Desktop\hitmanpro_x64 (1) - Shortcut.lnk
2014-07-14 18:17 - 2014-07-14 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-14 18:17 - 2014-07-14 18:17 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-14 18:14 - 2014-07-14 18:14 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-14 18:14 - 2014-07-14 18:14 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-07-14 18:14 - 2014-07-14 18:14 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-14 18:14 - 2014-07-14 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-14 18:14 - 2014-07-14 18:14 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-14 18:06 - 2009-09-17 19:39 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-14 17:49 - 2013-05-27 00:45 - 00000358 _____ () C:\Windows\Tasks\Playtopus Updater.job
2014-07-14 17:13 - 2011-08-01 18:57 - 00003678 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F3D7915C-A58C-43C9-94B4-77293C71CF5F}
2014-07-14 17:09 - 2014-01-02 09:59 - 00000000 ____D () C:\Users\Jeana\AppData\Roaming\Skype
2014-07-14 16:00 - 2012-02-03 18:42 - 00000000 ____D () C:\Users\Jeana\AppData\Roaming\Radialpoint
2014-07-14 13:27 - 2010-07-16 17:24 - 00000000 ____D () C:\Users\Jeana\AppData\Roaming\LimeWire
2014-07-14 13:10 - 2011-08-01 19:48 - 00003670 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{ED467A69-F13F-44BC-BA8E-2EC0D7FAADC7}
2014-07-14 12:56 - 2012-01-29 16:47 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Radialpoint
2014-07-13 16:50 - 2014-02-23 18:27 - 00048576 _____ () C:\Windows\system32\ScanResults.xml
2014-07-13 16:48 - 2014-03-16 19:24 - 00001056 _____ () C:\Windows\system32\SettingsFile
2014-07-12 20:04 - 2014-07-12 20:04 - 00001205 _____ () C:\Users\Dad\Downloads\FixNCR.reg
2014-07-12 17:55 - 2014-07-12 17:55 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-12 17:55 - 2014-07-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-12 17:55 - 2014-07-12 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-12 17:55 - 2014-07-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-12 17:53 - 2014-07-12 17:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dad\Downloads\mbam-consumer (2).exe
2014-07-12 17:53 - 2014-07-12 17:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dad\Downloads\mbam-consumer (1).exe
2014-07-12 17:44 - 2014-07-12 17:44 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Dad\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-12 17:38 - 2014-07-10 17:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-12 17:25 - 2014-07-12 17:06 - 00000340 _____ () C:\Windows\system32\.crusader
2014-07-12 17:09 - 2014-07-12 16:52 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-12 17:06 - 2012-01-11 08:47 - 00000000 __SHD () C:\Users\Dad\AppData\Local\{b33f991b-6f86-5524-132e-b5afd234eee6}
2014-07-12 16:52 - 2014-07-12 16:52 - 11185664 _____ (SurfRight B.V.) C:\Users\Dad\Downloads\hitmanpro_x64 (1).exe
2014-07-12 16:51 - 2014-07-12 16:51 - 11185664 _____ (SurfRight B.V.) C:\Users\Dad\Downloads\hitmanpro_x64.exe
2014-07-12 16:50 - 2014-07-12 16:50 - 01876816 _____ (SurfRight B.V.) C:\Users\Dad\Desktop\hmpalert.exe
2014-07-12 16:46 - 2009-09-10 17:39 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-11 19:48 - 2013-08-01 19:48 - 00000426 _____ () C:\Windows\Tasks\ASO-OneClickCare.job
2014-07-11 07:25 - 2014-03-02 14:28 - 00002015 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-10 22:09 - 2014-07-10 22:09 - 00000000 ____D () C:\Users\Jeana\AppData\Roaming\AVAST Software
2014-07-10 22:02 - 2012-08-07 09:46 - 00000000 ____D () C:\Users\Dad\AppData\Local\{57B1E8F4-E06C-11E1-8270-B8AC6F996F26}
2014-07-10 19:50 - 2013-08-01 19:48 - 00000456 _____ () C:\Windows\Tasks\ASO-AutoCheckUpdate7Days.job
2014-07-10 19:16 - 2009-06-11 16:44 - 00000943 _____ () C:\Users\Public\Desktop\Internet Explorer.lnk
2014-07-10 17:31 - 2014-07-10 17:31 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\DropboxMaster
2014-07-10 17:31 - 2014-07-10 17:29 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Dropbox
2014-07-10 17:30 - 2014-07-10 17:30 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-10 17:25 - 2014-07-10 17:25 - 00001831 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-10 17:25 - 2014-07-10 17:25 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\AVAST Software
2014-07-10 17:25 - 2014-07-10 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-10 17:24 - 2014-07-10 17:21 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-10 17:20 - 2014-07-10 17:21 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-10 17:20 - 2014-07-10 17:21 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-10 17:20 - 2014-07-10 17:21 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-10 17:20 - 2014-07-10 17:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-10 17:20 - 2014-07-10 17:21 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-10 17:20 - 2014-07-10 17:21 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-10 17:20 - 2014-07-10 17:21 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-10 17:20 - 2014-07-10 17:20 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-10 17:20 - 2014-07-10 17:20 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-10 17:20 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-07-10 17:18 - 2014-07-10 17:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-10 17:18 - 2014-07-10 17:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-10 17:16 - 2014-07-10 17:16 - 04862664 _____ (AVAST Software) C:\Users\Dad\Downloads\avast_free_antivirus_setup_online.exe
2014-07-10 17:13 - 2012-08-11 11:36 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-10 08:22 - 2014-02-18 17:53 - 00000000 ____D () C:\ProgramData\CDB
2014-07-10 08:22 - 2012-02-03 17:29 - 00000000 ____D () C:\Users\Charlie\AppData\Roaming\BitTorrent
2014-07-10 08:22 - 2011-03-29 16:57 - 00000000 ____D () C:\Users\Charlie\AppData\Roaming\uTorrent
2014-07-10 08:22 - 2006-11-02 16:07 - 00000000 ____D () C:\Windows\ShellNew
2014-07-10 08:22 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 08:22 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\spool
2014-07-10 08:22 - 2006-11-02 14:33 - 00000000 __RSD () C:\Windows\Media
2014-07-10 08:22 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\registration
2014-07-10 07:51 - 2014-07-09 23:19 - 00000000 ____D () C:\Program Files (x86)\Coupon Alert Removal Tool
2014-07-10 07:48 - 2014-07-09 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-10 07:48 - 2014-07-09 23:11 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-10 07:42 - 2009-09-06 09:46 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Adobe
2014-07-10 07:13 - 2009-09-14 18:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-10 07:12 - 2014-02-18 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFix Pro
2014-07-10 07:12 - 2012-06-23 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-07-10 07:12 - 2011-08-19 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Power Speed
2014-07-10 07:12 - 2009-09-13 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 5.5
2014-07-10 07:12 - 2009-06-11 23:41 - 00000000 ____D () C:\Windows\Panther
2014-07-10 03:29 - 2006-11-02 16:21 - 00322688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:01 - 2013-07-25 08:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:01 - 2006-11-02 13:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 23:18 - 2014-07-09 23:17 - 03250240 _____ (Security Stronghold ) C:\Users\Dad\Downloads\CouponAlertRemovalTool.exe
2014-07-09 23:11 - 2014-07-09 23:10 - 15847248 _____ (Anvisoft) C:\Users\Dad\Downloads\csbsetup.exe
2014-07-09 22:59 - 2014-07-09 22:59 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Systweak
2014-07-09 19:01 - 2014-07-09 19:01 - 00005459 _____ () C:\Users\Dad\Desktop\JRT.txt
2014-07-09 18:33 - 2014-07-09 18:33 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 18:33 - 2014-07-09 18:32 - 01016261 _____ (Thisisu) C:\Users\Dad\Downloads\JRT.exe
2014-07-09 15:46 - 2012-06-26 20:03 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 15:46 - 2012-06-26 20:03 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 15:46 - 2011-05-19 20:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 08:12 - 2014-07-03 17:46 - 00000000 ____D () C:\AdwCleaner
2014-07-09 08:08 - 2014-07-09 08:08 - 01348263 _____ () C:\Users\Dad\Downloads\adwcleaner_3.215 (1).exe
2014-07-09 07:53 - 2014-07-09 07:53 - 01348263 _____ () C:\Users\Dad\Downloads\adwcleaner_3.215.exe
2014-07-08 08:25 - 2010-04-20 17:55 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\HpUpdate
2014-07-04 16:31 - 2014-07-04 16:31 - 00001886 _____ () C:\Users\Jeana\Downloads\No Subject.eml
2014-07-04 08:29 - 2014-07-04 08:29 - 03250240 _____ (Security Stronghold ) C:\Users\Dad\Downloads\CouponAlertsRemovalTool.exe
2014-07-03 17:45 - 2014-07-03 17:45 - 01346519 _____ () C:\Users\Dad\Downloads\adwcleaner_3.214.exe
2014-07-03 17:06 - 2014-03-10 02:03 - 00000000 ____D () C:\ProgramData\4273ee94670410e0
2014-06-30 10:00 - 2009-09-05 12:18 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-06-29 17:40 - 2014-06-29 17:40 - 00000594 _____ () C:\Users\Jeana\Downloads\download (9) - Shortcut ().lnk
2014-06-29 17:40 - 2014-06-29 17:40 - 00000594 _____ () C:\Users\Jeana\Downloads\download (8) - Shortcut ().lnk
2014-06-29 17:40 - 2014-06-29 17:40 - 00000594 _____ () C:\Users\Jeana\Downloads\download (7) - Shortcut ().lnk
2014-06-29 17:40 - 2014-06-29 17:40 - 00000594 _____ () C:\Users\Jeana\Downloads\download (11) - Shortcut ().lnk
2014-06-29 17:40 - 2014-06-29 17:40 - 00000594 _____ () C:\Users\Jeana\Downloads\download (10) - Shortcut ().lnk
2014-06-29 17:39 - 2014-06-29 17:39 - 00000594 _____ () C:\Users\Jeana\Downloads\download (6) - Shortcut ().lnk
2014-06-29 17:39 - 2014-06-29 17:39 - 00000594 _____ () C:\Users\Jeana\Downloads\download (5) - Shortcut ().lnk
2014-06-29 17:39 - 2014-06-29 17:39 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (7).lnk
2014-06-29 17:39 - 2014-06-29 17:39 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (6).lnk
2014-06-29 17:38 - 2014-06-29 17:38 - 00000594 _____ () C:\Users\Jeana\Downloads\download (4) - Shortcut ().lnk
2014-06-29 17:38 - 2014-06-29 17:38 - 00000594 _____ () C:\Users\Jeana\Downloads\download (3) - Shortcut ().lnk
2014-06-29 17:38 - 2014-06-29 17:38 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (5).lnk
2014-06-29 17:37 - 2014-06-29 17:37 - 00000594 _____ () C:\Users\Jeana\Downloads\download (2) - Shortcut ().lnk
2014-06-29 17:37 - 2014-06-29 17:37 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (4).lnk
2014-06-29 17:37 - 2014-06-29 17:37 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (3).lnk
2014-06-29 17:36 - 2014-06-29 17:36 - 00000594 _____ () C:\Users\Jeana\Downloads\download (4) - Shortcut.lnk
2014-06-29 17:36 - 2014-06-29 17:36 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut (2).lnk
2014-06-29 17:35 - 2014-06-29 17:35 - 00000594 _____ () C:\Users\Jeana\Downloads\download (3) - Shortcut.lnk
2014-06-29 17:35 - 2014-06-29 17:35 - 00000594 _____ () C:\Users\Jeana\Downloads\download (2) - Shortcut.lnk
2014-06-29 17:35 - 2014-06-29 17:35 - 00000594 _____ () C:\Users\Jeana\Downloads\download (1) - Shortcut.lnk
2014-06-29 17:35 - 2014-06-29 17:35 - 00000574 _____ () C:\Users\Jeana\Downloads\download - Shortcut.lnk
2014-06-29 17:33 - 2014-06-29 17:33 - 00043248 _____ () C:\Users\Jeana\Downloads\download.rar
2014-06-29 17:16 - 2014-06-29 17:16 - 00205553 _____ () C:\Users\Jeana\Downloads\download (3).htm
2014-06-29 17:16 - 2014-06-29 17:16 - 00205416 _____ () C:\Users\Jeana\Downloads\download (4).htm
2014-06-29 17:15 - 2014-06-29 17:15 - 00341996 _____ () C:\Users\Jeana\Downloads\Outlook.com - jeanaellis@hotmail.com.htm
2014-06-29 17:15 - 2014-06-29 17:15 - 00205551 _____ () C:\Users\Jeana\Downloads\download (2).htm
2014-06-29 17:15 - 2014-06-29 17:15 - 00205551 _____ () C:\Users\Jeana\Downloads\download (1).htm
2014-06-29 17:15 - 2014-06-29 17:15 - 00205419 _____ () C:\Users\Jeana\Downloads\download.htm
2014-06-29 17:15 - 2014-06-29 17:14 - 00000000 ____D () C:\Users\Jeana\Downloads\Outlook.com - jeanaellis@hotmail.com_files
2014-06-29 16:28 - 2014-06-29 16:27 - 02390822 _____ () C:\Users\Jeana\Downloads\Outlook.com.zip
2014-06-28 16:49 - 2006-11-02 13:46 - 00826362 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 22:24 - 2010-06-25 09:47 - 00000000 ____D () C:\Users\Jeana\AppData\Roaming\HpUpdate
 
Files to move or delete:
====================
C:\Users\Charlie\jagex_cl_runescape_LIVE.dat
C:\Users\Charlie\jagex_runescape_preferences.dat
C:\Users\Charlie\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Users\Charlie\AppData\Local\Temp\6mjxdkua.dll
C:\Users\Charlie\AppData\Local\Temp\9f--uoq3.dll
C:\Users\Charlie\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe
C:\Users\Charlie\AppData\Local\Temp\AVG.exe
C:\Users\Charlie\AppData\Local\Temp\avguidx.dll
C:\Users\Charlie\AppData\Local\Temp\BackupSetup.exe
C:\Users\Charlie\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Charlie\AppData\Local\Temp\BunndleOfferManager.dll
C:\Users\Charlie\AppData\Local\Temp\cci.exe
C:\Users\Charlie\AppData\Local\Temp\CheatEngine63Clean.exe
C:\Users\Charlie\AppData\Local\Temp\cloud_backup_setup.exe
C:\Users\Charlie\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Charlie\AppData\Local\Temp\DefaultAssets.exe
C:\Users\Charlie\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\Charlie\AppData\Local\Temp\Delta.exe
C:\Users\Charlie\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Charlie\AppData\Local\Temp\DivXSetup.exe
C:\Users\Charlie\AppData\Local\Temp\eFixPro.exe
C:\Users\Charlie\AppData\Local\Temp\eFixProPackage.exe
C:\Users\Charlie\AppData\Local\Temp\eFixProSetup.exe
C:\Users\Charlie\AppData\Local\Temp\ffunzip.exe
C:\Users\Charlie\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Charlie\AppData\Local\Temp\GLF3227.tmp.ConduitEngineSetup.exe
C:\Users\Charlie\AppData\Local\Temp\iet2C48.tmp.exe
C:\Users\Charlie\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Charlie\AppData\Local\Temp\IminentSetup{2.q1q3SnVP.1}-20120103.exe
C:\Users\Charlie\AppData\Local\Temp\Installhelper.dll
C:\Users\Charlie\AppData\Local\Temp\InstallNorton.exe
C:\Users\Charlie\AppData\Local\Temp\kvs2sugb.dll
C:\Users\Charlie\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Charlie\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Charlie\AppData\Local\Temp\msg2CA8.exe
C:\Users\Charlie\AppData\Local\Temp\NLStubInstallerResources.dll
C:\Users\Charlie\AppData\Local\Temp\o2skv7gj.dll
C:\Users\Charlie\AppData\Local\Temp\OnlineWeatherSetup.exe
C:\Users\Charlie\AppData\Local\Temp\optimizerelitemax.exe
C:\Users\Charlie\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\Charlie\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\Charlie\AppData\Local\Temp\propsys.dll
C:\Users\Charlie\AppData\Local\Temp\RegAsm.exe
C:\Users\Charlie\AppData\Local\Temp\spdttm1.exe
C:\Users\Charlie\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Charlie\AppData\Local\Temp\SymcPCCUInstaller.exe
C:\Users\Charlie\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Charlie\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Charlie\AppData\Local\Temp\UpdaterCopy.exe
C:\Users\Charlie\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Charlie\AppData\Local\Temp\WSSetup.exe
C:\Users\Charlie\AppData\Local\Temp\_PC_DRIVERS_HQAssets.exe
C:\Users\Charlie\AppData\Local\Temp\{8638DCB0-14A8-4A26-A859-2DF0A4475426}-chrome_installer.exe
C:\Users\Charlie\AppData\Local\Temp\{D88537AE-2D49-4AD5-88FB-7CB45F105990}-GoogleUpdateSetup.exe
C:\Users\Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6gqnym.dll
C:\Users\Dad\AppData\Local\Temp\HitmanPro.exe
C:\Users\Jeana\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Jeana\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Jeana\AppData\Local\Temp\gtb.exe
C:\Users\Jeana\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Jeana\AppData\Local\Temp\msg1119.exe
C:\Users\Jeana\AppData\Local\Temp\msg2C3D.exe
C:\Users\Jeana\AppData\Local\Temp\msg4062.exe
C:\Users\Jeana\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Jeana\AppData\Local\Temp\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe
C:\Users\Jeana\AppData\Local\Temp\wlsetup-cvr.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-14 18:56
 
==================== End Of Log ============================
 
 

This is the additional info from Farbar:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014 01
Ran by Dad at 2014-07-14 19:06:53
Running from C:\Users\Dad\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
2Moons (HKLM-x32\...\{1BD67531-A957-4592-9743-A2761BB4AC28}) (Version: 1.00.0000 - Acclaim)
888casino (HKLM-x32\...\888casino) (Version:  - )
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Advanced System Optimizer (HKLM-x32\...\{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1) (Version: 3.5.1000.15127 - Systweak Software)
aioprnt (Version: 5.7.4.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.0.2.0 - Your Company Name) Hidden
Alliance of Valiant Arms (HKLM-x32\...\Steam App 102700) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{F7FF5EB8-E7C8-8096-0C33-A5B30CD2EA4C}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield Heroes (HKCU\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.309.0 - Microsoft Corporation)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.6.0 - BitTorrent Inc.)
blinkx beat (HKCU\...\blinkx beat) (Version: 1.5.0 - blinkx)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version:  - Infinity Ward)
Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version:  - Activision)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PowerShot S100 Camera User Guide (HKLM-x32\...\CameraUserGuide-PSS100) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\DPP) (Version: 3.11.3.10 - Canon Inc.)
Canon Utilities Map Utility (HKLM-x32\...\MapUtility) (Version: 1.1.0.4 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
Casino-On-Net (HKLM-x32\...\Casino-On-Net) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0127.2137.38780 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0127.2137.38780 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0127.2137.38780 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0127.2137.38780 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0127.2137.38780 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0127.2137.38780 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0127.2137.38780 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0127.2137.38780 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help English (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help French (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help German (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0127.2136.38780 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0127.2137.38780 - ATI) Hidden
ccc-utility64 (Version: 2009.0127.2137.38780 - ATI) Hidden
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Cheat Engine 5.5 (HKLM-x32\...\Cheat Engine 5.5_is1) (Version:  - Dark Byte)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version:  - )
Creative Live! Cam Video IM Pro Driver (1.03.02.00) (HKLM\...\Creative VF0230) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Disk Speedup (HKLM-x32\...\{FC7E771F-8170-4573-825D-EDB6723C804F}_is1) (Version:  - Systweak INC.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DriverBoost (HKLM-x32\...\{044E78D2-8F54-4F6F-AD2B-A122F8111EDB}) (Version: 8.1 - DriverBoost)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
eFix Pro (HKLM\...\eFix Pro) (Version: 1.7.1.1 - Reimage)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
FlatOut: Ultimate Carnage (HKLM-x32\...\Steam App 12360) (Version:  - BugBear)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Graboid Video 3.12 (HKLM-x32\...\Graboid Video) (Version: 3.12 - Graboid Inc.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 5.1.5144.16 - PC-Doctor, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.220 - SurfRight B.V.)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP Active Support Library (HKLM-x32\...\{0295F89F-F698-4101-9A7D-49F407EC2D82}) (Version: 3.1.10.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.89 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.2.2719 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.2.2809 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Picasso Media Center Add-In (x32 Version: 1.0.0 - HP) Hidden
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
HP Recovery Manager RSS (x32 Version: 92.0.0.11 - Hewlet Packard Company) Hidden
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
Iminent (x32 Version: 5.26.21.0 - Iminent) Hidden <==== ATTENTION
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kodak AIO Printer (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 6.2.6.20 - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1402 - CyberLink Corp.) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaBar (HKLM-x32\...\BearShare 2 MediaBar) (Version: 2.5.0.98385 - Musiclab, LLC) <==== ATTENTION
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{86A4C6D9-29EE-4719-AFA1-BA3341862B83}) (Version: 3.4.54.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (x32 Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Game Studio 3.1 (ARP entry) (x32 Version: 3.1.10527.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 3.1 (HKLM-x32\...\XNA Game Studio 3.1) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Game Studio 3.1 (Platformer) (x32 Version: 3.1.10527.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 3.1 (Redists) (x32 Version: 3.1.10527.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 3.1 (Shared Components) (x32 Version: 3.1.10527.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 3.1 (VCSExpress) (x32 Version: 3.1.10527.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 3.1 (XnaLiveProxy) (x32 Version: 3.1.10527.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 3.1 Documentation (x32 Version: 3.1.10527.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}) (Version: 1.1.0.0 - Microsoft Corporation)
MioMore Desktop 2008 (HKLM-x32\...\{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}) (Version: 5.90.105 - Navman Technologies NZ Ltd)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 5.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 5.0 (x86 en-GB)) (Version: 5.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 5.0.0.1198 - MyHeritage.com)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PC Connectivity Solution (HKLM-x32\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
PC Power Speed 1.0.0.21 (HKLM-x32\...\{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1) (Version: 1.0.0.21 - Crawler, LLC.)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
Pinnacle DistanTV Server (HKLM-x32\...\{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}) (Version: 1.0.0.095 - Pinnacle Systems)
Pinnacle TVCenter Pro (HKLM-x32\...\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}) (Version: 4.99.2088 - Pinnacle Systems)
PKR (HKLM-x32\...\PKR) (Version:  - PKR Ltd)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2611 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.2 - Power Software Ltd)
PreReq (x32 Version: 6.2.2.60 - Eastman Kodak Company) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Radialpoint Dashboard Patch version 13.12.23.29994 (x32 Version: 13.12.23.29994 - ) Hidden
Radialpoint Security Advisor 2.5.19 (x32 Version: 2.5.19 - Radialpoint SafeCare Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RPS CRT (x32 Version: 8.0.28 - Virgin Broadband) Hidden
RPS CRT (x32 Version: 9.0.34 - Virgin Media) Hidden
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio USB Driver Installer (HKLM-x32\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version:  - )
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
SanDiskSecureAccess_Manager.exe (HKCU\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19269 - Gemalto N.V.)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skins (x32 Version: 2009.0127.2137.38780 - ATI) Hidden
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Softonic for Windows (HKCU\...\Softonic for Windows) (Version: 1.5.11 - Softonic International S.L.)
sp44626 (HKLM-x32\...\sp44626) (Version:  - Hewlett-Packard)
SpeedItup Free 7.85 (HKLM-x32\...\SpeedItup Free_is1) (Version:  - SMicroSmarts LLC)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.3.5500.0 - Microsoft Corporation)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab (HKLM-x32\...\{1E99F5D7-4262-4C7C-9135-F066E7485811}) (Version: 4.1.14.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
The Official DSA Theory Test for Motorcyclists (x32 Version: 1.3.1 - Driving Standards Agency) Hidden
Toyota Touch & Go Toolbox (HKLM-x32\...\Toyota Touch & Go Toolbox) (Version: 3.2.0.19136 - NNG Llc.)
TuneUp Companion 2.4.6.4 (HKLM-x32\...\TuneUpMedia) (Version: 2.4.6.4 - TuneUp Media, Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIO Player version 1.0.1 (HKLM-x32\...\{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1) (Version: 1.0.1 - VIO)
Virgin Media Digital Home Support 2.1.27 (HKLM-x32\...\RadialpointHomeSecurityDashboard_is1) (Version: 2.1.27 - Virgin Media)
Virgin Media Service Manager 4.1.16 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.16 - Virgin Media)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\BC15EA930074932BB2C4B4493C9FD4EA95087D1A) (Version: 10/12/2007 6.85.4.0 - Nokia)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XPort 360 (HKLM-x32\...\XPort 360_is1) (Version:  - )
 
==================== Restore Points  =========================
 
09-07-2014 07:41:41 Scheduled Checkpoint
09-07-2014 19:59:26 Windows Update
09-07-2014 22:11:37 Anvi CSB 3.3
10-07-2014 02:00:15 Windows Update
10-07-2014 07:13:22 Restore Operation
10-07-2014 16:17:29 avast! antivirus system restore point
12-07-2014 16:04:29 Checkpoint by HitmanPro
12-07-2014 16:05:59 Checkpoint by HitmanPro
12-07-2014 16:23:54 Checkpoint by HitmanPro
14-07-2014 17:30:07 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
2006-11-02 13:34 - 2014-03-02 05:00 - 00000863 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
54.225.95.126 cbaiddeoemldinncijanafifphajjppj
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {10DBD4C2-5678-409B-9A23-B789FD51125F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-10] (AVAST Software)
Task: {18F7DC92-4DD9-4600-B8FA-64F3BDEDDBFF} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2926605F-2DE7-4ABC-9EE4-0129C0689107} - System32\Tasks\ASO-AutoCheckUpdate7Days => C:\Program Files (x86)\Advanced System Optimizer 3\CheckUpdate.exe [2013-03-05] (Systweak Software, (www.systweak.com))
Task: {29971E8D-F355-49D6-8592-366E70ED12FE} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {2CBAC12A-56EF-4BC2-A3BE-F5C1EBB91902} - \PC Optimizer Pro64 Scan No Task File <==== ATTENTION
Task: {2D26CF1C-8A18-4018-A9C4-6D9722E6AC80} - System32\Tasks\DriverBoost-RTMUpdater => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2013-09-19] (PC Drivers Headquarters)
Task: {37B34DF6-713C-4E33-89F7-C42359F62875} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {4A60ECDA-474A-44E5-943C-2A73EDB3E7BF} - System32\Tasks\DriverBoost-RTMScan => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2013-09-19] (PC Drivers Headquarters)
Task: {4CB3A53F-5E86-4891-9CCF-C1049339A5F9} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02] (PC-Doctor, Inc.)
Task: {5B14B091-B746-450E-9381-44EADB9DF995} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22] (Google Inc.)
Task: {5E26D1D8-340F-4491-979E-ABBBEC709AD9} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {6E005214-0A5F-4CEA-B113-C73FD5C9B303} - System32\Tasks\DriverBoost-RTMScanRunOnce => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2013-09-19] (PC Drivers Headquarters)
Task: {77153E3E-B308-46B3-89BD-89A67BDBBD96} - System32\Tasks\BearShareNAG => C:\Users\Jeana\AppData\Local\Temp\BearShare_setup.exe [2010-12-24] (Musiclab, LLC) <==== ATTENTION
Task: {7AD003E0-9554-4CE0-B46C-3DB6BEF42D4B} - \DTReg No Task File <==== ATTENTION
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {81F611DE-A4D8-4684-B03E-A38B74E04DD9} - \PC Optimizer Pro Updates No Task File <==== ATTENTION
Task: {825B83DB-FD5C-4EE7-9895-46CD041560A9} - System32\Tasks\ASO-OneClickCare => C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe [2013-03-05] (Systweak Software, (www.systweak.com))
Task: {89AC8A94-EDE5-488B-9F03-719D64AF2AD6} - System32\Tasks\Playtopus Updater => Rundll32.exe C:\Users\Charlie\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest <==== ATTENTION
Task: {8AAF17DC-D455-4B44-8F96-2FF4CB304D9B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {912A7CAD-A1BC-4501-86EC-C836EDF89ED6} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: {94D0CC01-A7E8-4688-B6AB-98593517F387} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-03-26] ()
Task: {9FBB9259-29A6-49BA-9E97-A35BBC51A553} - \PCHelpers_period No Task File <==== ATTENTION
Task: {A87E10FA-07E1-4128-AC63-8B8FA003D8E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22] (Google Inc.)
Task: {B5A0558C-EEB5-4F90-890A-CB49310A89CC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D3BFA12C-E665-418A-978A-5A8B0AF3AF95} - \PCHelpers1st No Task File <==== ATTENTION
Task: {D8F3791A-7251-46F7-B58E-0DB2CA4165B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {DBEBE0AF-0513-4357-9F8A-6FDF2DAFA55C} - System32\Tasks\DriverBoost-RTMRules => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2013-09-19] (PC Drivers Headquarters)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASO-AutoCheckUpdate7Days.job => C:\Program Files (x86)\Advanced System Optimizer 3\CheckUpdate.exe
Task: C:\Windows\Tasks\ASO-OneClickCare.job => C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe
Task: C:\Windows\Tasks\BearShareNAG.job => C:\Users\Jeana\AppData\Local\Temp\BearShare_setup.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
Task: C:\Windows\Tasks\Playtopus Updater.job => C:\Users\Charlie\AppData\Local\PLAYTO~1\Updater.dll <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2009-11-05 21:00 - 2010-06-28 22:05 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-03-10 22:32 - 2010-03-10 22:32 - 00026112 _____ () C:\Windows\system32\atitmp64.dll
2009-02-06 13:11 - 2009-02-06 13:11 - 00172032 _____ () C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
2009-02-06 13:11 - 2009-02-06 13:11 - 00385024 _____ () C:\Program Files\Hewlett-Packard\HP Remote\Common.dll
2011-07-29 00:08 - 2011-07-29 00:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-02-06 13:11 - 2009-02-06 13:11 - 00151552 _____ () C:\Program Files\Hewlett-Packard\HP Remote\MCStateSink.dll
2009-06-11 16:07 - 2009-06-11 16:07 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 10:19 - 2008-11-25 10:19 - 01193472 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2008-12-10 15:32 - 2008-12-10 15:32 - 00020480 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-07-10 17:20 - 2014-07-10 17:20 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-14 08:04 - 2014-07-14 08:04 - 02792960 _____ () C:\Program Files\AVAST Software\Avast\defs\14071400\algo.dll
2014-07-14 19:07 - 2014-07-14 19:07 - 02792960 _____ () C:\Program Files\AVAST Software\Avast\defs\14071401\algo.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-08-05 11:25 - 2009-08-05 11:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-08-05 11:26 - 2009-08-05 11:26 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2011-06-29 09:54 - 2011-06-29 09:56 - 11483264 _____ () C:\Users\Dad\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2013-08-01 19:47 - 2013-03-05 16:47 - 00325928 _____ () C:\Program Files (x86)\Advanced System Optimizer 3\asohtm.dll
2008-03-25 14:45 - 2008-03-25 14:45 - 00111888 _____ () C:\Program Files (x86)\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll
2009-04-09 23:22 - 2009-04-09 23:22 - 00906536 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2011-07-29 00:09 - 2011-07-29 00:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-07-10 17:20 - 2014-07-10 17:20 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-04 09:38 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 09:38 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 09:38 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 09:38 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-03-04 09:38 - 2014-03-02 03:35 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
2014-01-17 12:08 - 2014-01-17 12:08 - 04591616 _____ () C:\Users\Dad\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2014-01-17 12:08 - 2014-01-17 12:08 - 00112128 _____ () C:\Users\Dad\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\Dad\Downloads\FW Delivery Status Notification (Failure).eml:OECustomProperty
AlternateDataStreams: C:\Users\Dad\Downloads\No Subject (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Dad\Downloads\No Subject.eml:OECustomProperty
AlternateDataStreams: C:\Users\Dad\Downloads\Re Fwd Confirmation of hours (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Dad\Downloads\Re Fwd Confirmation of hours.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jeana\Downloads\FW Where are they now..re Anthony Cope.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jeana\Downloads\No Subject.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/14/2014 06:44:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/14/2014 06:32:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x00000200,(null),0,REG_BINARY,0000000002D3E700.72).  hr = 0x80070005.
 
Error: (07/14/2014 06:32:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x00000be0,(null),0,REG_BINARY,000000000B05D240.72).  hr = 0x80070005.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {19366862-b659-44e5-8d42-e48b109bf0cb}
 
Error: (07/14/2014 06:32:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x0000029c,(null),0,REG_BINARY,0000000004A2D8B0.72).  hr = 0x80070005.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3579981b-d865-4d5d-8978-238854b38844}
 
Error: (07/14/2014 06:32:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x00000210,(null),0,REG_BINARY,00000000042BDEA0.72).  hr = 0x80070005.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {d28fa085-f627-4281-ad43-71fefffc1859}
 
Error: (07/14/2014 06:32:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x00000820,(null),0,REG_BINARY,00000000071FD790.72).  hr = 0x80070005.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {d55795d7-37a0-466b-b9c3-1cd0fc9c0523}
 
Error: (07/14/2014 06:32:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x0000022c,(null),0,REG_BINARY,0000000003B5E420.72).  hr = 0x80070005.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {1853b123-ef69-422d-8474-0732d68b9085}
 
Error: (07/14/2014 06:32:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x0000029c,(null),0,REG_BINARY,0000000004A2D8B0.72).  hr = 0x80070005.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3579981b-d865-4d5d-8978-238854b38844}
 
Error: (07/14/2014 06:32:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x00000228,(null),0,REG_BINARY,0000000002B8E3B0.72).  hr = 0x80070005.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2fbd2a1c-7065-4260-b9b3-5927e03654c7}
 
Error: (07/14/2014 06:32:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error RegSetValueExW(0x00000210,(null),0,REG_BINARY,00000000042BDEA0.72).  hr = 0x80070005.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {d28fa085-f627-4281-ad43-71fefffc1859}
 
 
System errors:
=============
Error: (07/14/2014 06:44:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (07/14/2014 06:08:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (07/14/2014 01:25:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (07/14/2014 08:05:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000WPDBusEnum
 
Error: (07/14/2014 08:05:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (07/13/2014 06:49:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (07/12/2014 09:38:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWDescription%%5
 
Error: (07/12/2014 09:38:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5
 
Error: (07/12/2014 09:38:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWDescription%%5
 
Error: (07/12/2014 09:38:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-14 19:06:18.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 19:06:18.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 19:06:17.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 19:06:17.433
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 19:06:16.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 19:06:16.263
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 19:06:15.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 19:06:15.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 19:05:28.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-14 19:05:28.180
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 66%
Total physical RAM: 4093.58 MB
Available physical RAM: 1361.47 MB
Total Pagefile: 8408.19 MB
Available Pagefile: 4942.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:450.7 GB) (Free:151.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:15.06 GB) (Free:1.78 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Welcome to the forum.

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Hi Mr C

 

Thank you for your help so far

 

This is the report created by RogueKiller

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Dad [Admin rights]
Mode : Scan -- Date : 07/15/2014  18:45:43
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 14 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB3FAE63-8593-4FAC-8638-306BEC15DE9D} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CB3FAE63-8593-4FAC-8638-306BEC15DE9D} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CB3FAE63-8593-4FAC-8638-306BEC15DE9D} | DhcpNameServer : 194.168.4.100 194.168.8.100  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3056196216-2092468813-2006533984-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3056196216-2092468813-2006533984-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3056196216-2092468813-2006533984-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3056196216-2092468813-2006533984-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[suspicious.Path] BearShareNAG.job -- C:\Users\Jeana\AppData\Local\Temp\BearShare_setup.exe (NAGMETHOD=Schedule) -> FOUND
[suspicious.Path] Playtopus Updater.job -- C:\Windows\SysWOW64\rundll32.exe (C:\Users\Charlie\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest) -> FOUND
[suspicious.Path] \\BearShareNAG -- C:\Users\Jeana\AppData\Local\Temp\BearShare_setup.exe (NAGMETHOD=Schedule) -> FOUND
[suspicious.Path] \\Playtopus Updater -- C:\Windows\SysWOW64\rundll32.exe (C:\Users\Charlie\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest) -> FOUND
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost
[C:\Windows\System32\drivers\etc\hosts] 54.225.95.126 cbaiddeoemldinncijanafifphajjppj
 
¤¤¤ Antirootkit : 133 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] 25d0cc5ff9dc7d66502d2afbbc7a165f
[bSP] cbe1a3892920c024e3e7b9efc684338e : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 461515 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 945184275 | Size: 15421 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Make sure you have created a restore point and.....
Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ------------------------

    Please go to the link below, download and run Fixit:
    http://support.microsoft.com/kb/972034 <---reset host file fixit

    -------------------------

    Please uninstall MediaBar from your add/remove programs if possible

    --------------------------

    Clean out temp files:

    Download TFC from here and save it to your desktop.
    http://oldtimer.geekstogo.com/TFC.exe
    http://www.bleepingcomputer.com/download/tfc/dl/92/
    Close any open programs and Internet browsers.
    Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
    Please be patient as clearing out temp files may take a while.
    Once it completes you may be prompted to restart your computer, please do so.
    Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

    ---------------------------

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
    Run FRST.exe/FRST64.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    -------------------------

    Please download AdwCleaner from HERE or HERE to your desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    If you're using Malwarebytes 2.0, please run a Threat Scan
    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
    Same for PUM (Potentially Unwanted Modifications)
    Quarantine All that's found

    MrC

Hi Mr C

 

I'm having difficulty with this part

 

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

 

Not sure I understand what you mean. I have tried but it says it's not in the same directory


It looks like FRST64.exe is located in your downloads folder:
C:\Users\Dad\Downloads\FRST64.exe

I suggest you right click on it and choose Cut
Now right click on an empty spot on your desktop and choose Paste.

Do the same for the fixlist.txt

Now they will be in the same folder.

MrC


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
