Need help with removing malware.



I have tried Junkware Removal Tool, Adware Cleaner, ESET NOD, HitmanPro and Malwarebytes. I still can't get rid of this malware. It's some type of malware that makes about 20-30 dllhost.exe show up in taskmngr, and the computer and internet go slow. It also keeps making some virus called datamngr show up. I used Malwarebytes a couple of days ago after ESET and HitmanPro both failed, and I thought it got rid of it, but nope. So I tried Malwarebytes again, and now it keeps getting stuck on heuristic analysis, so I can't even use Malwarebytes now. Please help.


Here are my Farbar Recovery logs and Addition logs:

 

Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Victoria (administrator) on VICTORIA-PC on 15-09-2014 21:49:48
Running from C:\Users\Victoria\Desktop\New folder (7)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
( ) C:\Windows\System32\lxddcoms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
() C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PC Drivers Headquarters) C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
() C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Mine) C:\ProgramData\Windows Genuine Advantage\{838DDB36-BAB4-47D1-9508-78FA20CB9780}\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Victoria\Desktop\New folder (7)\FRST64 (2).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [lxddmon.exe] => C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe [291496 2009-04-27] ()
HKLM\...\Run: [lxddamon] => C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe [25256 2009-04-27] ()
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe [1023104 2013-02-06] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe [801920 2013-02-06] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [560128 2011-09-26] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-2698232268-2154043033-3228781758-1000\...\Run: [DriverBoost] => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [3979632 2013-10-24] (PC Drivers Headquarters)
HKU\S-1-5-21-2698232268-2154043033-3228781758-1000\...\Run: [.tluafed** <*>] => C:\Users\Victoria\Application Data\{00007DD8-641C-73CB-7D97-6695673F7C6A}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2698232268-2154043033-3228781758-1000\...\Run: [Loumkeobosude] => "C:\Users\Victoria\AppData\Roaming\Emnaky\igyqow.exe"
HKU\S-1-5-21-2698232268-2154043033-3228781758-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_38_ActiveX.exe [840072 2014-01-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-2698232268-2154043033-3228781758-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-29] (Google Inc.)
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [EPSON NX410 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE [223232 2008-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation)
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [DriverFinder] => C:\Program Files (x86)\DriverFinder\DriverFinder.exe [7151816 2011-07-18] ()
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2014-01-03] (SUPERAntiSpyware)
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [PC Speed Maximizer] => "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe"
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [sPMTray] => "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [Free Download Manager] => "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [3774680 2012-07-22] (Speedbit Ltd.)
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [steam] => "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\Run: [DriverBoost] => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [3979632 2013-10-24] (PC Drivers Headquarters)
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-29] (Google Inc.)
HKU\S-1-5-21-2698232268-2154043033-3228781758-501\...\MountPoints2: {a5b16509-4ed2-11e2-b331-842b2baf6f10} - I:\Install.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard..lnk
ShortcutTarget: NETGEAR WG111v2 Smart Wizard..lnk -> C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TheGuest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\Victoria\31ifp7kidvc849\ozds.vbs ()
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKCU - Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {3B240033-DC49-4933-8B91-D9D2EA8C3D99} URL = 
SearchScopes: HKCU - {CC7EA43B-A8BD-43C4-AFDB-260AD0A8FD6E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: FreePriceAlerts -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> C:\Program Files (x86)\FreePriceAlerts\win64\vbobho.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Ad Nuker -> {459CAF0F-CA9F-4d69-A1A9-B0699D07AB8A} -> C:\Windows\SysWow64\NukerBand.dll ()
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ad Nuker - {459CAF0F-CA9F-4d69-A1A9-B0699D07AB8A} - C:\Windows\SysWow64\NukerBand.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\pslr2j3b.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\pslr2j3b.default\searchplugins\yahoo_ff.xml
FF Extension: ClipConverter Desktop - C:\Users\Victoria\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\desktop@clipconverter.cc.xpi [2013-10-20]
FF Extension: Ziftr Alerts - formerly FreePriceAlerts.com - C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\pslr2j3b.default\Extensions\extension@freepricealerts.com [2013-06-01]
FF Extension: SaveSense - C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\pslr2j3b.default\Extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b} [2014-02-03]
FF Extension: DownTango Launcher - C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\pslr2j3b.default\Extensions\{411beae9-8c58-477c-8903-201536f61512} [2012-12-01]
FF Extension: Universal Downloader - C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\pslr2j3b.default\Extensions\{9051303c-7e41-4311-a783-d6fe5ef2832d}.xpi [2013-04-04]
FF Extension: Adblock Plus - C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\pslr2j3b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-20]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2012-07-22]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-30]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2012-07-22]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> AF95F7E612630FA95B465DC5ACD3D91476418306986A906DF7DECEFA9F0F19F4
CHR DefaultSearchURL: Default -> 33E9012285D7C5E5480B8D3AB8D6AD2BE038570B16B498E5E25BE1A7B9B6E202
CHR Profile: C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-03]
CHR Extension: (Google Drive) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-03]
CHR Extension: (DAP Link Checker) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh [2013-08-13]
CHR Extension: (Adblock Plus) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-08-13]
CHR Extension: (Google Search) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-03]
CHR Extension: (Video Downloader professional) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-01-03]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2013-08-13]
CHR Extension: (RealPlayer Downloader) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-25]
CHR Extension: (FVD Downloader) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-07-06]
CHR Extension: (Google Wallet) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-03]
CHR Profile: C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (No Name) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2012-12-08]
CHR Extension: (No Name) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2012-07-22]
CHR Extension: (No Name) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2012-12-08]
CHR Extension: (No Name) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-02-02]
CHR Extension: (No Name) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ngifmmghggmgbhdohdfjpaklhflocdad [2013-01-02]
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_adk-c1_1_0.crx [2012-04-11]
CHR HKLM-x32\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files (x86)\DAP\daplinkchecker.crx [2012-07-22]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2012-07-22]
CHR HKLM-x32\...\Chrome\Extension: [gladcbhcbkdeddbidiblppadjdjalidb] - C:\Program Files (x86)\DownTangoFTToolbar\chrome\DownTangoFTToolbar.crx [2012-07-22]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-11] (SUPERAntiSpyware.com) [File not signed]
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S3 BRSptSvc; C:\programdata\bitraider\BRSptSvc.exe [938776 2013-05-18] (BitRaider, LLC)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-07-04] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-04] (BlueStack Systems, Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lxdd_device; C:\Windows\system32\lxddcoms.exe [567216 2007-05-25] ( )
R2 lxdd_device; C:\Windows\SysWOW64\lxddcoms.exe [537520 2007-05-25] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-05-02] (The OpenVPN Project)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-07-31] (IBM Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-30] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-04-22] (Atheros) [File not signed]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2013-03-24] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [74024 2013-04-25] (BitRaider)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-07-04] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-10-15] (DT Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-09-15] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-03-24] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [32512 2005-08-02] (CACE Technologies) [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 RapportCerberus_80049; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [768184 2014-09-02] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [444184 2014-07-31] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [536984 2014-07-31] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [562136 2014-07-31] (IBM Corp.)
R3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [450048 2010-04-06] (NETGEAR Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-11] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-09-09] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
R3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-05-28] (Spotflux, Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 HWiNFO32; \??\C:\Users\Victoria\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 21:37 - 2014-09-15 21:37 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-15 20:47 - 2014-09-15 20:47 - 02105856 _____ (Farbar) C:\Users\Victoria\Downloads\FRST64 (2).exe
2014-09-15 20:38 - 2014-09-15 21:49 - 00000000 ____D () C:\Users\Victoria\Desktop\New folder (7)
2014-09-15 20:36 - 2014-09-15 20:36 - 02105856 _____ (Farbar) C:\Users\Victoria\Downloads\FRST64 (1).exe
2014-09-15 20:18 - 2014-09-15 20:18 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-15 20:17 - 2014-09-15 20:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-15 20:17 - 2014-09-15 20:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-15 20:17 - 2014-09-15 20:17 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-15 20:17 - 2014-09-15 20:17 - 00001345 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-15 20:17 - 2014-09-15 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-15 20:17 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-15 20:14 - 2014-09-15 20:16 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Victoria\Downloads\spybot-2.4.exe
2014-09-15 20:03 - 2014-09-15 21:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 20:03 - 2014-09-15 20:03 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 20:03 - 2014-09-15 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 20:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-15 20:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-15 20:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 20:02 - 2014-09-15 20:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 20:00 - 2014-09-15 20:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Victoria\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-09-15 19:58 - 2014-09-15 19:58 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2698232268-2154043033-3228781758-1000
2014-09-15 19:57 - 2014-09-15 19:57 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2698232268-2154043033-3228781758-1000
2014-09-15 19:45 - 2014-09-15 20:37 - 00083374 _____ () C:\Users\Victoria\Downloads\FRST.txt
2014-09-15 19:44 - 2014-09-15 21:49 - 00000000 ____D () C:\FRST
2014-09-15 19:43 - 2014-09-15 19:44 - 02105856 _____ (Farbar) C:\Users\Victoria\Downloads\FRST64.exe
2014-09-15 19:06 - 2014-09-15 19:06 - 00000000 ____D () C:\Users\TheGuest\Desktop\Passwords
2014-09-15 18:39 - 2014-09-15 18:39 - 00189480 _____ () C:\Users\Victoria\Desktop\lol.rar
2014-09-15 18:34 - 2014-09-15 18:34 - 00000000 ____D () C:\Users\TheGuest\Desktop\Settings
2014-09-15 18:34 - 2014-09-15 18:34 - 00000000 ____D () C:\Users\TheGuest\Desktop\Plugins
2014-09-15 18:33 - 2014-09-15 18:33 - 00085504 _____ () C:\Users\TheGuest\Desktop\PluginCompiler.exe
2014-09-15 18:33 - 2014-09-15 18:33 - 00018432 _____ () C:\Users\TheGuest\Desktop\ServerPlugin.dll
2014-09-15 18:33 - 2014-09-15 18:33 - 00016384 _____ () C:\Users\TheGuest\Desktop\ClientPlugin.dll
2014-09-15 18:33 - 2014-09-15 18:33 - 00009216 _____ () C:\Users\TheGuest\Desktop\LZLoader.dll
2014-09-15 18:33 - 2014-09-15 18:33 - 00000229 _____ () C:\Users\TheGuest\Desktop\Readme.txt
2014-09-15 18:33 - 2014-09-15 18:33 - 00000030 _____ () C:\Users\TheGuest\Desktop\8C1A0000.log
2014-09-15 18:33 - 2014-09-15 18:33 - 00000000 ____D () C:\Users\TheGuest\Desktop\Resources
2014-09-15 18:30 - 2014-09-15 18:30 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2014-09-15 18:30 - 2014-09-15 18:30 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Vitalwerks
2014-09-15 18:29 - 2014-09-15 18:29 - 00000000 __SHD () C:\Users\TheGuest\AppData\Roaming\Eziriz
2014-09-15 18:17 - 2014-09-15 18:17 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\ESET
2014-09-15 17:09 - 2014-09-15 17:09 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-09-15 16:00 - 2014-09-15 15:59 - 00000962 _____ () C:\Users\Victoria\Desktop\JRT.txt
2014-09-15 15:34 - 2014-09-15 15:36 - 01373475 _____ () C:\Users\Victoria\Downloads\AdwCleaner (1).exe
2014-09-15 15:10 - 2014-09-15 15:10 - 01016261 _____ (Thisisu) C:\Users\Victoria\Downloads\JRT (2).exe
2014-09-15 14:23 - 2014-09-15 19:10 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2698232268-2154043033-3228781758-1000
2014-09-15 14:23 - 2014-09-15 19:10 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2698232268-2154043033-3228781758-1000
2014-09-15 14:15 - 2014-09-15 14:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Victoria\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-09-14 22:24 - 2014-09-14 22:27 - 00007986 _____ () C:\Users\Victoria\Documents\Uninstall Dragon Age Origins.log
2014-09-14 13:49 - 2014-09-14 13:49 - 00000000 ____D () C:\Users\Victoria\AppData\Local\ESET
2014-09-14 12:30 - 2014-09-14 20:27 - 00000000 ____D () C:\Users\Victoria\AppData\Roaming\Emnaky
2014-09-14 12:27 - 2014-09-14 12:27 - 01696192 _____ (ESET) C:\Users\Victoria\Downloads\eset_nod32_antivirus_live_installer (2).exe
2014-09-14 12:26 - 2014-09-14 12:27 - 01696192 _____ (ESET) C:\Users\Victoria\Downloads\eset_nod32_antivirus_live_installer (1).exe
2014-09-14 12:25 - 2014-09-14 12:27 - 01696192 _____ (ESET) C:\Users\Victoria\Downloads\eset_nod32_antivirus_live_installer.exe
2014-09-14 03:49 - 2014-09-14 03:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-14 03:37 - 2014-09-14 03:38 - 02347384 _____ (ESET) C:\Users\Victoria\Desktop\esetsmartinstaller_enu.exe
2014-09-14 03:14 - 2014-09-15 17:07 - 00005074 _____ () C:\Windows\system32\.crusader
2014-09-14 02:23 - 2014-09-15 17:06 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-14 02:23 - 2014-09-14 02:24 - 11194928 _____ (SurfRight B.V.) C:\Users\Victoria\Downloads\HitmanPro_x64.exe
2014-09-14 02:22 - 2014-09-14 02:23 - 10280824 _____ (SurfRight B.V.) C:\Users\Victoria\Downloads\HitmanPro.exe
2014-09-14 01:30 - 2014-09-14 01:30 - 01373475 _____ () C:\Users\Victoria\Downloads\AdwCleaner.exe
2014-09-14 00:34 - 2014-09-14 00:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Victoria\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-14 00:15 - 2014-09-14 00:15 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Victoria\Downloads\mbam-clean-2.1.1.1001.exe
2014-09-13 20:46 - 2014-09-13 20:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Victoria\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 19:33 - 2014-09-15 04:12 - 00000000 ____D () C:\Users\Victoria\Desktop\lol
2014-09-13 18:51 - 2014-09-15 21:23 - 00000000 ____D () C:\Users\Victoria\Desktop\Bytes Protection
2014-09-13 15:22 - 2014-09-13 15:22 - 01016261 _____ (Thisisu) C:\Users\Victoria\Downloads\JRT (1).exe
2014-09-13 05:46 - 2014-09-13 05:46 - 00000000 ____D () C:\Users\Victoria\AppData\Roaming\Yxenpeb
2014-09-13 01:38 - 2014-09-13 01:53 - 00000000 ____D () C:\Users\Victoria\Desktop\9000+ Icon Pack
2014-09-13 00:58 - 2014-09-13 01:32 - 475068837 _____ () C:\Users\Victoria\Downloads\9000+ Icon Pack.rar
2014-09-11 05:48 - 2014-09-11 05:48 - 16487046 _____ () C:\Users\Victoria\Downloads\Protect your Bytes.rar
2014-09-10 18:29 - 2014-09-15 21:26 - 00000000 ____D () C:\Users\Victoria\Desktop\IM3
2014-09-10 16:46 - 2014-09-10 16:46 - 00007168 __RSH () C:\Users\Victoria\AppData\Roaming\{00007DD8-641C-73CB-7D97-6695673F7C6A}.exe
2014-09-10 15:24 - 2014-09-10 15:24 - 00323696 _____ (Dropbox, Inc.) C:\Users\Victoria\Downloads\DropboxInstaller (3).exe
2014-09-10 14:53 - 2014-09-10 14:53 - 01016261 _____ (Thisisu) C:\Users\Victoria\Downloads\JRT.exe
2014-09-10 14:53 - 2014-09-10 14:53 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 17:34 - 2014-09-09 17:34 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk
2014-09-09 17:34 - 2014-09-09 17:34 - 00001112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2014-09-09 17:33 - 2014-09-09 17:33 - 01563200 _____ (NCH Software) C:\Users\Victoria\Downloads\debutsetup.exe
2014-09-09 17:33 - 2014-09-09 17:33 - 00001202 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2014-09-09 17:33 - 2014-09-09 17:33 - 00001076 _____ () C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2014-09-09 16:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-09 16:06 - 2014-09-15 16:06 - 00000000 ____D () C:\AdwCleaner
2014-09-09 16:06 - 2014-09-09 16:06 - 01370467 _____ () C:\Users\Victoria\Downloads\adwcleaner_3.309.exe
2014-09-07 17:41 - 2014-09-07 17:41 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\WinRAR
2014-09-07 17:40 - 2014-09-14 17:21 - 00000000 ____D () C:\Users\TheGuest\Desktop\BC
2014-09-07 17:40 - 2014-09-07 17:40 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\WinZip
2014-09-07 17:38 - 2014-09-07 17:38 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Dell
2014-09-07 17:37 - 2014-09-07 17:37 - 00087632 _____ () C:\Users\TheGuest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\DAEMON Tools Pro
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\ATI
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Atheros
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Apple Computer
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Wondershare
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Stardock_Corporation
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\ATI
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\antiphishing-vmninternethelper1_1dn
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Adobe
2014-09-07 17:36 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Real
2014-09-07 17:36 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\VirtualStore
2014-09-07 17:36 - 2014-09-07 17:36 - 00001472 _____ () C:\Users\TheGuest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 17:36 - 2014-09-07 17:36 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Adobe
2014-09-07 17:36 - 2014-09-07 17:36 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Google
2014-09-07 17:35 - 2014-09-15 18:07 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\SoftThinks
2014-09-07 17:35 - 2014-09-07 17:36 - 00000000 ____D () C:\Users\TheGuest
2014-09-07 17:35 - 2014-09-07 17:35 - 00000020 ___SH () C:\Users\TheGuest\ntuser.ini
2014-09-07 17:35 - 2014-04-17 03:21 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Microsoft Help
2014-09-07 17:35 - 2013-05-18 08:51 - 00002066 _____ () C:\Users\TheGuest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-09-07 17:35 - 2011-09-26 18:09 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Trusteer
2014-09-07 17:35 - 2011-07-05 17:11 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Trusteer
2014-09-07 17:35 - 2010-11-29 20:58 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Macromedia
2014-09-07 17:35 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\TheGuest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-07 17:35 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\TheGuest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-07 13:39 - 2014-09-07 13:39 - 00000000 ____D () C:\Users\Victoria\Desktop\Settings
2014-09-07 13:37 - 2014-09-10 21:18 - 00000467 _____ () C:\Users\Victoria\Desktop\8C1A0000.log
2014-09-07 13:37 - 2014-09-07 13:37 - 00009216 _____ () C:\Users\Victoria\Desktop\LZLoader.dll
2014-09-07 13:23 - 2014-09-15 19:54 - 00167374 _____ () C:\Windows\PFRO.log
2014-09-06 18:02 - 2014-09-06 18:02 - 00018432 _____ () C:\Users\Victoria\Downloads\ServerPlugin.dll
2014-09-06 18:02 - 2014-09-06 18:02 - 00000000 ____D () C:\Users\Victoria\Downloads\Plugins
2014-09-06 18:01 - 2014-09-06 18:01 - 00016384 _____ () C:\Users\Victoria\Downloads\ClientPlugin.dll
2014-09-06 15:02 - 2014-09-15 19:55 - 00000840 _____ () C:\Windows\setupact.log
2014-09-06 15:02 - 2014-09-06 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-03 14:58 - 2014-09-03 14:58 - 00000286 _____ () C:\Windows\wininit.ini
2014-09-02 21:58 - 2014-09-02 22:19 - 00000164 _____ () C:\Users\Victoria\Desktop\ss.txt
2014-09-01 16:23 - 2014-09-01 16:33 - 00000008 _____ () C:\Users\Victoria\Desktop\settings.bin
2014-09-01 16:22 - 2014-09-01 16:33 - 00004656 _____ () C:\Users\Victoria\Desktop\server.log
2014-09-01 16:22 - 2014-09-01 16:25 - 00001103 _____ () C:\Users\Victoria\Desktop\builder.log
2014-09-01 16:22 - 2014-09-01 16:23 - 00000112 _____ () C:\Users\Victoria\Desktop\plugins.bin
2014-09-01 16:22 - 2014-09-01 16:22 - 00000048 _____ () C:\Users\Victoria\Desktop\public.bin
2014-09-01 16:21 - 2014-09-07 13:38 - 00000000 ____D () C:\Users\Victoria\Desktop\Plugins
2014-09-01 16:21 - 2014-09-01 16:33 - 00000000 ____D () C:\Users\Victoria\Desktop\Databases
2014-09-01 16:20 - 2014-09-15 19:24 - 00000000 ____D () C:\Users\Victoria\Desktop\x86
2014-09-01 16:20 - 2014-09-07 13:37 - 00018432 _____ () C:\Users\Victoria\Desktop\ServerPlugin.dll
2014-09-01 16:20 - 2014-09-07 13:37 - 00016384 _____ () C:\Users\Victoria\Desktop\ClientPlugin.dll
2014-09-01 16:20 - 2014-09-07 13:37 - 00000000 ____D () C:\Users\Victoria\Desktop\Resources
2014-09-01 16:20 - 2014-09-01 16:20 - 00262144 _____ (http://system.data.sqlite.org/) C:\Users\Victoria\Desktop\System.Data.SQLite.dll
2014-09-01 16:20 - 2014-09-01 16:20 - 00026197 _____ () C:\Users\Victoria\Desktop\ServerPlugin.xml
2014-09-01 16:20 - 2014-09-01 16:20 - 00008366 _____ () C:\Users\Victoria\Desktop\ClientPlugin.xml
2014-09-01 16:20 - 2014-09-01 16:20 - 00000028 _____ () C:\Users\Victoria\Desktop\E8250000.log
2014-09-01 16:20 - 2014-09-01 16:20 - 00000000 ____D () C:\Users\Victoria\Desktop\x64
2014-09-01 15:32 - 2014-09-11 05:52 - 00000000 ____D () C:\Users\Victoria\Desktop\Data Protector V2
2014-08-31 19:24 - 2014-08-31 19:24 - 00000017 _____ () C:\Users\Victoria\Desktop\Password.txt
2014-08-31 18:56 - 2014-08-31 18:59 - 08536806 _____ () C:\Users\Victoria\Desktop\download.mp4
2014-08-31 18:47 - 2014-08-31 18:47 - 00160789 _____ () C:\Users\Victoria\Downloads\n-west-w-1776.zip
2014-08-31 17:37 - 2014-08-31 21:17 - 00000057 _____ () C:\Users\Victoria\Desktop\96380000.log
2014-08-29 17:13 - 2014-08-29 17:13 - 00000000 __SHD () C:\Users\Victoria\AppData\Roaming\Eziriz
2014-08-29 17:09 - 2014-08-29 17:09 - 00001530 _____ () C:\Users\Victoria\Desktop\info1.txt
2014-08-29 15:29 - 2014-08-29 15:47 - 00409600 _____ () C:\database.mdb
2014-08-29 15:29 - 2014-08-29 15:47 - 00000000 ____D () C:\Maps
2014-08-29 15:28 - 2014-08-29 15:28 - 00000000 ____D () C:\Users\Victoria\AppData\Local\IsolatedStorage
2014-08-29 14:53 - 2014-08-29 15:26 - 00000174 _____ () C:\Users\Victoria\Desktop\D4300000.log
2014-08-26 10:34 - 2014-09-15 21:31 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2014-08-26 10:34 - 2014-09-15 21:31 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2014-08-26 10:34 - 2014-08-26 10:34 - 00002670 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv
2014-08-26 10:34 - 2014-08-26 10:34 - 00002668 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rel
2014-08-26 10:34 - 2014-08-26 10:34 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-25 19:09 - 2014-09-14 03:14 - 00000000 ____D () C:\Users\Victoria\Desktop\Icon
2014-08-25 04:16 - 2014-08-25 04:16 - 00664064 _____ () C:\Users\Victoria\Downloads\VPN Installer (4).exe
2014-08-16 18:50 - 2014-09-15 15:06 - 00000000 _RSHD () C:\Users\Victoria\247r33h
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 21:49 - 2014-09-15 20:38 - 00000000 ____D () C:\Users\Victoria\Desktop\New folder (7)
2014-09-15 21:49 - 2014-09-15 19:44 - 00000000 ____D () C:\FRST
2014-09-15 21:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-09-15 21:37 - 2014-09-15 21:37 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-15 21:34 - 2014-09-15 18:13 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\uTorrent
2014-09-15 21:32 - 2014-09-15 20:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 21:32 - 2010-11-29 20:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 21:31 - 2014-08-26 10:34 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2014-09-15 21:31 - 2014-08-26 10:34 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2014-09-15 21:31 - 2010-11-18 19:14 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-15 21:26 - 2014-09-10 18:29 - 00000000 ____D () C:\Users\Victoria\Desktop\IM3
2014-09-15 21:23 - 2014-09-13 18:51 - 00000000 ____D () C:\Users\Victoria\Desktop\Bytes Protection
2014-09-15 21:20 - 2012-04-11 21:38 - 00000000 ____D () C:\Program Files (x86)\Shop to Win 24
2014-09-15 21:19 - 2010-11-29 20:57 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 21:03 - 2012-04-29 15:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 20:58 - 2014-06-11 01:45 - 00000000 ____D () C:\Users\Victoria\Desktop\NetRevenue E-Book
2014-09-15 20:47 - 2014-09-15 20:47 - 02105856 _____ (Farbar) C:\Users\Victoria\Downloads\FRST64 (2).exe
2014-09-15 20:37 - 2014-09-15 19:45 - 00083374 _____ () C:\Users\Victoria\Downloads\FRST.txt
2014-09-15 20:36 - 2014-09-15 20:36 - 02105856 _____ (Farbar) C:\Users\Victoria\Downloads\FRST64 (1).exe
2014-09-15 20:22 - 2014-09-15 20:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-15 20:20 - 2014-09-15 20:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-15 20:18 - 2014-09-15 20:18 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-09-15 20:17 - 2014-09-15 20:17 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-15 20:17 - 2014-09-15 20:17 - 00001345 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-15 20:17 - 2014-09-15 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-15 20:16 - 2014-09-15 20:14 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Victoria\Downloads\spybot-2.4.exe
2014-09-15 20:16 - 2011-05-08 17:20 - 00000000 ____D () C:\Users\Victoria\AppData\Roaming\BitTorrent
2014-09-15 20:09 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:09 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:03 - 2014-09-15 20:03 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 20:03 - 2014-09-15 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 20:03 - 2014-09-15 20:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 20:02 - 2014-09-15 20:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Victoria\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-09-15 20:02 - 2012-05-04 16:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 20:02 - 2009-07-14 01:10 - 01902294 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 19:58 - 2014-09-15 19:58 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2698232268-2154043033-3228781758-1000
2014-09-15 19:57 - 2014-09-15 19:57 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2698232268-2154043033-3228781758-1000
2014-09-15 19:55 - 2014-09-06 15:02 - 00000840 _____ () C:\Windows\setupact.log
2014-09-15 19:55 - 2011-03-23 11:24 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-09-15 19:55 - 2010-11-18 19:35 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-09-15 19:55 - 2010-11-18 19:35 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-09-15 19:55 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 19:54 - 2014-09-07 13:23 - 00167374 _____ () C:\Windows\PFRO.log
2014-09-15 19:44 - 2014-09-15 19:43 - 02105856 _____ (Farbar) C:\Users\Victoria\Downloads\FRST64.exe
2014-09-15 19:29 - 2012-01-15 20:06 - 00000000 ____D () C:\Users\Victoria\AppData\Local\CrashDumps
2014-09-15 19:24 - 2014-09-01 16:20 - 00000000 ____D () C:\Users\Victoria\Desktop\x86
2014-09-15 19:10 - 2014-09-15 14:23 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2698232268-2154043033-3228781758-1000
2014-09-15 19:10 - 2014-09-15 14:23 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2698232268-2154043033-3228781758-1000
2014-09-15 19:06 - 2014-09-15 19:06 - 00000000 ____D () C:\Users\TheGuest\Desktop\Passwords
2014-09-15 18:39 - 2014-09-15 18:39 - 00189480 _____ () C:\Users\Victoria\Desktop\lol.rar
2014-09-15 18:34 - 2014-09-15 18:34 - 00000000 ____D () C:\Users\TheGuest\Desktop\Settings
2014-09-15 18:34 - 2014-09-15 18:34 - 00000000 ____D () C:\Users\TheGuest\Desktop\Plugins
2014-09-15 18:33 - 2014-09-15 18:33 - 00085504 _____ () C:\Users\TheGuest\Desktop\PluginCompiler.exe
2014-09-15 18:33 - 2014-09-15 18:33 - 00018432 _____ () C:\Users\TheGuest\Desktop\ServerPlugin.dll
2014-09-15 18:33 - 2014-09-15 18:33 - 00016384 _____ () C:\Users\TheGuest\Desktop\ClientPlugin.dll
2014-09-15 18:33 - 2014-09-15 18:33 - 00009216 _____ () C:\Users\TheGuest\Desktop\LZLoader.dll
2014-09-15 18:33 - 2014-09-15 18:33 - 00000229 _____ () C:\Users\TheGuest\Desktop\Readme.txt
2014-09-15 18:33 - 2014-09-15 18:33 - 00000030 _____ () C:\Users\TheGuest\Desktop\8C1A0000.log
2014-09-15 18:33 - 2014-09-15 18:33 - 00000000 ____D () C:\Users\TheGuest\Desktop\Resources
2014-09-15 18:30 - 2014-09-15 18:30 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2014-09-15 18:30 - 2014-09-15 18:30 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Vitalwerks
2014-09-15 18:30 - 2014-04-12 17:11 - 00000000 ____D () C:\Program Files (x86)\No-IP
2014-09-15 18:29 - 2014-09-15 18:29 - 00000000 __SHD () C:\Users\TheGuest\AppData\Roaming\Eziriz
2014-09-15 18:17 - 2014-09-15 18:17 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\ESET
2014-09-15 18:07 - 2014-09-07 17:35 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\SoftThinks
2014-09-15 17:09 - 2014-09-15 17:09 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-09-15 17:09 - 2010-11-29 20:22 - 00000000 ____D () C:\Users\Victoria
2014-09-15 17:07 - 2014-09-14 03:14 - 00005074 _____ () C:\Windows\system32\.crusader
2014-09-15 17:06 - 2014-09-14 02:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-15 16:06 - 2014-09-09 16:06 - 00000000 ____D () C:\AdwCleaner
2014-09-15 16:00 - 2012-09-02 23:41 - 06098432 ___SH () C:\Users\Victoria\Downloads\Thumbs.db
2014-09-15 15:59 - 2014-09-15 16:00 - 00000962 _____ () C:\Users\Victoria\Desktop\JRT.txt
2014-09-15 15:36 - 2014-09-15 15:34 - 01373475 _____ () C:\Users\Victoria\Downloads\AdwCleaner (1).exe
2014-09-15 15:17 - 2013-05-21 21:19 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-09-15 15:10 - 2014-09-15 15:10 - 01016261 _____ (Thisisu) C:\Users\Victoria\Downloads\JRT (2).exe
2014-09-15 15:06 - 2014-08-16 18:50 - 00000000 _RSHD () C:\Users\Victoria\247r33h
2014-09-15 15:06 - 2014-08-12 17:28 - 00000000 _RSHD () C:\Users\Victoria\97b97kwoolvw8
2014-09-15 15:06 - 2014-08-11 17:47 - 00000000 _RSHD () C:\Users\Victoria\tn2t6v6dh6w
2014-09-15 15:06 - 2014-07-27 19:17 - 00000000 _RSHD () C:\Users\Victoria\31ifp7kidvc849
2014-09-15 15:06 - 2014-07-23 22:55 - 00000000 ____D () C:\Users\Victoria\mzs68wt9sws
2014-09-15 15:06 - 2014-04-25 05:59 - 00000000 _RSHD () C:\Users\Victoria\ocrplg4mntz5jm
2014-09-15 15:06 - 2012-04-11 23:54 - 00000000 ____D () C:\Program Files\PrivacySafeGuard
2014-09-15 14:16 - 2014-09-15 14:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Victoria\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-09-15 04:12 - 2014-09-13 19:33 - 00000000 ____D () C:\Users\Victoria\Desktop\lol
2014-09-15 02:00 - 2010-11-29 20:58 - 00000000 ____D () C:\Users\Victoria\AppData\Local\Adobe
2014-09-15 00:36 - 2013-10-06 14:35 - 00001057 _____ () C:\Users\Victoria\AppData\Roaming\vso_ts_preview.xml
2014-09-15 00:36 - 2013-10-05 16:21 - 00000000 ____D () C:\Users\Victoria\AppData\Roaming\Vso
2014-09-15 00:29 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2014-09-14 22:29 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-14 22:28 - 2013-01-10 12:53 - 00000000 ____D () C:\Users\Victoria\Documents\WB Games
2014-09-14 22:27 - 2014-09-14 22:24 - 00007986 _____ () C:\Users\Victoria\Documents\Uninstall Dragon Age Origins.log
2014-09-14 22:27 - 2014-03-21 17:22 - 00000000 ____D () C:\ProgramData\BioWare
2014-09-14 22:27 - 2012-11-30 11:52 - 00000000 ____D () C:\Users\Victoria\Documents\BioWare
2014-09-14 22:12 - 2014-01-20 19:20 - 00000000 ____D () C:\Users\Victoria\AppData\Roaming\vlc
2014-09-14 20:27 - 2014-09-14 12:30 - 00000000 ____D () C:\Users\Victoria\AppData\Roaming\Emnaky
2014-09-14 19:35 - 2014-05-11 22:27 - 00000000 _RSHD () C:\Users\Victoria\r41uo3t1735784
2014-09-14 18:27 - 2014-06-30 16:00 - 00000000 ____D () C:\Users\Victoria\Desktop\sddfjsd
2014-09-14 18:26 - 2014-08-06 18:09 - 00000000 ____D () C:\Users\Victoria\Desktop\DataScrambler
2014-09-14 18:26 - 2014-06-30 20:47 - 00000000 ____D () C:\Users\Victoria\Desktop\dc
2014-09-14 18:26 - 2014-02-01 14:43 - 00000000 ____D () C:\Users\Victoria\Desktop\squid
2014-09-14 17:21 - 2014-09-07 17:40 - 00000000 ____D () C:\Users\TheGuest\Desktop\BC
2014-09-14 17:21 - 2014-05-07 23:16 - 00000000 _RSHD () C:\Users\Victoria\9r697hv
2014-09-14 13:49 - 2014-09-14 13:49 - 00000000 ____D () C:\Users\Victoria\AppData\Local\ESET
2014-09-14 12:40 - 2011-10-19 22:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-14 12:27 - 2014-09-14 12:27 - 01696192 _____ (ESET) C:\Users\Victoria\Downloads\eset_nod32_antivirus_live_installer (2).exe
2014-09-14 12:27 - 2014-09-14 12:26 - 01696192 _____ (ESET) C:\Users\Victoria\Downloads\eset_nod32_antivirus_live_installer (1).exe
2014-09-14 12:27 - 2014-09-14 12:25 - 01696192 _____ (ESET) C:\Users\Victoria\Downloads\eset_nod32_antivirus_live_installer.exe
2014-09-14 03:49 - 2014-09-14 03:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-14 03:38 - 2014-09-14 03:37 - 02347384 _____ (ESET) C:\Users\Victoria\Desktop\esetsmartinstaller_enu.exe
2014-09-14 03:18 - 2010-11-29 20:25 - 00000000 ____D () C:\Users\Victoria\AppData\Local\ATI
2014-09-14 03:14 - 2014-08-25 19:09 - 00000000 ____D () C:\Users\Victoria\Desktop\Icon
2014-09-14 03:14 - 2014-01-18 01:34 - 00000000 ____D () C:\Users\Victoria\Desktop\IPS v1.0
2014-09-14 03:13 - 2014-01-15 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spytech SpyAgent
2014-09-14 03:13 - 2013-05-13 20:30 - 00000000 ____D () C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IVMP
2014-09-14 03:13 - 2013-05-13 20:30 - 00000000 ____D () C:\Program Files (x86)\IVMP
2014-09-14 02:24 - 2014-09-14 02:23 - 11194928 _____ (SurfRight B.V.) C:\Users\Victoria\Downloads\HitmanPro_x64.exe
2014-09-14 02:23 - 2014-09-14 02:22 - 10280824 _____ (SurfRight B.V.) C:\Users\Victoria\Downloads\HitmanPro.exe
2014-09-14 02:21 - 2014-01-15 22:03 - 00000000 ___HD () C:\ProgramData\sacache
2014-09-14 01:40 - 2014-01-18 18:06 - 00000212 ____H () C:\ProgramData\emopts.dat
2014-09-14 01:30 - 2014-09-14 01:30 - 01373475 _____ () C:\Users\Victoria\Downloads\AdwCleaner.exe
2014-09-14 00:35 - 2014-09-14 00:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Victoria\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-14 00:15 - 2014-09-14 00:15 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Victoria\Downloads\mbam-clean-2.1.1.1001.exe
2014-09-13 20:47 - 2014-09-13 20:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Victoria\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 18:01 - 2014-02-18 15:17 - 00000000 ____D () C:\Users\Victoria\Desktop\rat users info
2014-09-13 17:34 - 2014-02-05 15:32 - 03186583 ____H () C:\ProgramData\sys005.log
2014-09-13 17:34 - 2014-02-05 15:32 - 00849078 ____H () C:\ProgramData\sys011.log
2014-09-13 17:34 - 2014-02-05 15:32 - 00509698 ____H () C:\ProgramData\sys002.log
2014-09-13 17:34 - 2014-02-05 15:32 - 00005555 ____H () C:\ProgramData\sys012.log
2014-09-13 17:34 - 2014-02-05 15:32 - 00000123 ____H () C:\ProgramData\sys006.log
2014-09-13 17:34 - 2014-01-15 22:04 - 00100372 ____H () C:\ProgramData\sys004.log
2014-09-13 15:22 - 2014-09-13 15:22 - 01016261 _____ (Thisisu) C:\Users\Victoria\Downloads\JRT (1).exe
2014-09-13 05:46 - 2014-09-13 05:46 - 00000000 ____D () C:\Users\Victoria\AppData\Roaming\Yxenpeb
2014-09-13 01:53 - 2014-09-13 01:38 - 00000000 ____D () C:\Users\Victoria\Desktop\9000+ Icon Pack
2014-09-13 01:32 - 2014-09-13 00:58 - 475068837 _____ () C:\Users\Victoria\Downloads\9000+ Icon Pack.rar
2014-09-12 18:01 - 2014-05-08 05:04 - 00000000 ____D () C:\Users\Victoria\Desktop\New folder (5)
2014-09-11 13:38 - 2013-02-03 12:36 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 05:52 - 2014-09-01 15:32 - 00000000 ____D () C:\Users\Victoria\Desktop\Data Protector V2
2014-09-11 05:48 - 2014-09-11 05:48 - 16487046 _____ () C:\Users\Victoria\Downloads\Protect your Bytes.rar
2014-09-11 05:02 - 2012-11-30 11:15 - 00000000 ____D () C:\Users\Victoria\Desktop\Nard's Music Collection
2014-09-10 21:18 - 2014-09-07 13:37 - 00000467 _____ () C:\Users\Victoria\Desktop\8C1A0000.log
2014-09-10 16:57 - 2012-05-20 02:26 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-09-10 16:46 - 2014-09-10 16:46 - 00007168 __RSH () C:\Users\Victoria\AppData\Roaming\{00007DD8-641C-73CB-7D97-6695673F7C6A}.exe
2014-09-10 15:28 - 2012-03-31 11:27 - 19321344 ___SH () C:\Users\Victoria\Desktop\Thumbs.db
2014-09-10 15:24 - 2014-09-10 15:24 - 00323696 _____ (Dropbox, Inc.) C:\Users\Victoria\Downloads\DropboxInstaller (3).exe
2014-09-10 14:53 - 2014-09-10 14:53 - 01016261 _____ (Thisisu) C:\Users\Victoria\Downloads\JRT.exe
2014-09-10 14:53 - 2014-09-10 14:53 - 00000000 ____D () C:\Windows\ERUNT
2014-09-09 17:34 - 2014-09-09 17:34 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk
2014-09-09 17:34 - 2014-09-09 17:34 - 00001112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2014-09-09 17:33 - 2014-09-09 17:33 - 01563200 _____ (NCH Software) C:\Users\Victoria\Downloads\debutsetup.exe
2014-09-09 17:33 - 2014-09-09 17:33 - 00001202 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2014-09-09 17:33 - 2014-09-09 17:33 - 00001076 _____ () C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2014-09-09 17:33 - 2014-01-04 02:07 - 00001088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2014-09-09 16:15 - 2014-08-02 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-09 16:15 - 2013-02-01 12:07 - 00000000 ____D () C:\Users\Victoria\AppData\Local\CRE
2014-09-09 16:06 - 2014-09-09 16:06 - 01370467 _____ () C:\Users\Victoria\Downloads\adwcleaner_3.309.exe
2014-09-09 15:52 - 2011-10-19 21:24 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-09-07 17:41 - 2014-09-07 17:41 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\WinRAR
2014-09-07 17:40 - 2014-09-07 17:40 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\WinZip
2014-09-07 17:38 - 2014-09-07 17:38 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Dell
2014-09-07 17:37 - 2014-09-07 17:37 - 00087632 _____ () C:\Users\TheGuest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\DAEMON Tools Pro
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\ATI
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Atheros
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Apple Computer
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Wondershare
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Stardock_Corporation
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\ATI
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\antiphishing-vmninternethelper1_1dn
2014-09-07 17:37 - 2014-09-07 17:37 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Adobe
2014-09-07 17:37 - 2014-09-07 17:36 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Real
2014-09-07 17:37 - 2014-09-07 17:36 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\VirtualStore
2014-09-07 17:37 - 2014-02-05 15:32 - 00090005 ____H () C:\ProgramData\sys001.log
2014-09-07 17:36 - 2014-09-07 17:36 - 00001472 _____ () C:\Users\TheGuest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 17:36 - 2014-09-07 17:36 - 00000000 ____D () C:\Users\TheGuest\AppData\Roaming\Adobe
2014-09-07 17:36 - 2014-09-07 17:36 - 00000000 ____D () C:\Users\TheGuest\AppData\Local\Google
2014-09-07 17:36 - 2014-09-07 17:35 - 00000000 ____D () C:\Users\TheGuest
2014-09-07 17:35 - 2014-09-07 17:35 - 00000020 ___SH () C:\Users\TheGuest\ntuser.ini
2014-09-07 13:39 - 2014-09-07 13:39 - 00000000 ____D () C:\Users\Victoria\Desktop\Settings
2014-09-07 13:38 - 2014-09-01 16:21 - 00000000 ____D () C:\Users\Victoria\Desktop\Plugins
2014-09-07 13:37 - 2014-09-07 13:37 - 00009216 _____ () C:\Users\Victoria\Desktop\LZLoader.dll
2014-09-07 13:37 - 2014-09-01 16:20 - 00018432 _____ () C:\Users\Victoria\Desktop\ServerPlugin.dll
2014-09-07 13:37 - 2014-09-01 16:20 - 00016384 _____ () C:\Users\Victoria\Desktop\ClientPlugin.dll
2014-09-07 13:37 - 2014-09-01 16:20 - 00000000 ____D () C:\Users\Victoria\Desktop\Resources
2014-09-07 13:37 - 2014-03-29 05:00 - 00000229 _____ () C:\Users\Victoria\Desktop\README.txt
2014-09-06 18:02 - 2014-09-06 18:02 - 00018432 _____ () C:\Users\Victoria\Downloads\ServerPlugin.dll
2014-09-06 18:02 - 2014-09-06 18:02 - 00000000 ____D () C:\Users\Victoria\Downloads\Plugins
2014-09-06 18:02 - 2014-06-30 14:01 - 00000229 _____ () C:\Users\Victoria\Downloads\Readme.txt
2014-09-06 18:01 - 2014-09-06 18:01 - 00016384 _____ () C:\Users\Victoria\Downloads\ClientPlugin.dll
2014-09-06 18:01 - 2014-06-30 14:01 - 00000058 _____ () C:\Users\Victoria\Downloads\8C1A0000.log
2014-09-06 15:02 - 2014-09-06 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-05 23:26 - 2014-06-28 14:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-03 14:58 - 2014-09-03 14:58 - 00000286 _____ () C:\Windows\wininit.ini
2014-09-02 22:19 - 2014-09-02 21:58 - 00000164 _____ () C:\Users\Victoria\Desktop\ss.txt
2014-09-02 16:26 - 2014-03-10 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-09-02 03:07 - 2013-10-05 16:52 - 00000000 ____D () C:\Users\Victoria\Documents\ConvertXtoDVD
2014-09-01 16:33 - 2014-09-01 16:23 - 00000008 _____ () C:\Users\Victoria\Desktop\settings.bin
2014-09-01 16:33 - 2014-09-01 16:22 - 00004656 _____ () C:\Users\Victoria\Desktop\server.log
2014-09-01 16:33 - 2014-09-01 16:21 - 00000000 ____D () C:\Users\Victoria\Desktop\Databases
2014-09-01 16:25 - 2014-09-01 16:22 - 00001103 _____ () C:\Users\Victoria\Desktop\builder.log
2014-09-01 16:23 - 2014-09-01 16:22 - 00000112 _____ () C:\Users\Victoria\Desktop\plugins.bin
2014-09-01 16:22 - 2014-09-01 16:22 - 00000048 _____ () C:\Users\Victoria\Desktop\public.bin
2014-09-01 16:20 - 2014-09-01 16:20 - 00262144 _____ (http://system.data.sqlite.org/) C:\Users\Victoria\Desktop\System.Data.SQLite.dll
2014-09-01 16:20 - 2014-09-01 16:20 - 00026197 _____ () C:\Users\Victoria\Desktop\ServerPlugin.xml
2014-09-01 16:20 - 2014-09-01 16:20 - 00008366 _____ () C:\Users\Victoria\Desktop\ClientPlugin.xml
2014-09-01 16:20 - 2014-09-01 16:20 - 00000028 _____ () C:\Users\Victoria\Desktop\E8250000.log
2014-09-01 16:20 - 2014-09-01 16:20 - 00000000 ____D () C:\Users\Victoria\Desktop\x64
2014-09-01 16:19 - 2014-06-30 13:53 - 00000000 ____D () C:\ProgramData\Nimoru
2014-08-31 21:17 - 2014-08-31 17:37 - 00000057 _____ () C:\Users\Victoria\Desktop\96380000.log
2014-08-31 19:24 - 2014-08-31 19:24 - 00000017 _____ () C:\Users\Victoria\Desktop\Password.txt
2014-08-31 18:59 - 2014-08-31 18:56 - 08536806 _____ () C:\Users\Victoria\Desktop\download.mp4
2014-08-31 18:47 - 2014-08-31 18:47 - 00160789 _____ () C:\Users\Victoria\Downloads\n-west-w-1776.zip
2014-08-29 17:13 - 2014-08-29 17:13 - 00000000 __SHD () C:\Users\Victoria\AppData\Roaming\Eziriz
2014-08-29 17:09 - 2014-08-29 17:09 - 00001530 _____ () C:\Users\Victoria\Desktop\info1.txt
2014-08-29 15:47 - 2014-08-29 15:29 - 00409600 _____ () C:\database.mdb
2014-08-29 15:47 - 2014-08-29 15:29 - 00000000 ____D () C:\Maps
2014-08-29 15:28 - 2014-08-29 15:28 - 00000000 ____D () C:\Users\Victoria\AppData\Local\IsolatedStorage
2014-08-29 15:26 - 2014-08-29 14:53 - 00000174 _____ () C:\Users\Victoria\Desktop\D4300000.log
2014-08-26 10:34 - 2014-08-26 10:34 - 00002670 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv
2014-08-26 10:34 - 2014-08-26 10:34 - 00002668 _____ () C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0814tb_rel
2014-08-26 10:34 - 2014-08-26 10:34 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-25 19:21 - 2014-04-11 19:24 - 00001871 _____ () C:\Users\Victoria\Desktop\Star Wars Knights of the Old Republic.lnk
2014-08-25 04:16 - 2014-08-25 04:16 - 00664064 _____ () C:\Users\Victoria\Downloads\VPN Installer (4).exe
2014-08-25 04:16 - 2014-07-04 03:24 - 00001012 _____ () C:\Users\Victoria\Desktop\Cryptic VPN.lnk
2014-08-25 04:16 - 2014-06-14 02:34 - 00000000 ____D () C:\Program Files (x86)\CrypticVPN
2014-08-25 04:16 - 2014-06-13 01:30 - 00462336 _____ (Dino Chiesa) C:\Users\Victoria\Downloads\Ionic.Zip.dll
2014-08-16 00:37 - 2009-07-14 01:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
 
Files to move or delete:
====================
C:\ProgramData\emopts.dat
C:\ProgramData\saopts.dat
 
 
Some content of TEMP:
====================
C:\Users\TheGuest\AppData\Local\Temp\upnp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-08 01:23
 
==================== End Of Log ============================
 
 
 
 

here's the addition:

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014

Ran by Victoria at 2014-09-15 19:50:27

Running from C:\Users\Victoria\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 

Ad Nuker 4.5 (HKLM-x32\...\Ad Nuker_is1) (Version:  - AdNuker.Com)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)

Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)

Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)

Adobe Photoshop Elements 12 (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)

AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden

Any Video Converter Professional 3.1.8 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)

Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Archibald's Adventures (x32 Version: 2.2.0.95 - WildTangent) Hidden

Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)

ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0517.1741 - )

AVG 2012 (Version: 12.0.2092 - AVG Technologies) Hidden

AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )

AVStoDVD 2.7.1 (HKLM-x32\...\AVStoDVD) (Version: 2.7.1 - MrC)

Batman: Arkham Asylum (HKLM-x32\...\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}) (Version: 1.0.0.0 - Eidos Inc/Warner Brothers)

Bing Bar (HKLM-x32\...\{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}) (Version: 7.0.614.0 - Microsoft Corporation)

Birdies (x32 Version: 2.2.0.95 - WildTangent) Hidden

BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.3.1 - BitRaider, LLC)

Blekko search bar (HKLM-x32\...\blekkotb_soc) (Version: 1.1.0.1 - Visicom Media Inc.) <==== ATTENTION

BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.15.909 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM-x32\...\{74C85607-9668-4F88-B1D5-244889192DFC}) (Version: 0.7.15.909 - BlueStack Systems, Inc.)

Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.95 - WildTangent) Hidden

Boogie Bunnies (x32 Version: 2.2.0.98 - WildTangent) Hidden

Brain Challenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0517.1742.29870 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0517.1742.29870 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2010.0517.1742.29870 - ATI Technologies, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2010.0517.1742.29870 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Czech (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Danish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Dutch (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help English (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Finnish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help French (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help German (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Greek (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Italian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Japanese (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Korean (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Polish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Russian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Spanish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Swedish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Thai (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

CCC Help Turkish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden

ccc-core-static (x32 Version: 2010.0517.1742.29870 - ATI) Hidden

ccc-utility64 (Version: 2010.0517.1742.29870 - ATI) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)

Charter Browser Updater (HKCU\...\Charter Browser Updater) (Version:  - Charter Communications)

Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

ClipConverter (HKLM-x32\...\{86134348-6422-4486-AB6A-0E01DBA39DE6}) (Version: 1.1.0 - Lunaweb)

Clipdiary 3.5 (HKLM-x32\...\Clipdiary) (Version: 3.5 - Tiushkov Nikolay)

ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )

creepy 1.1 (HKLM-x32\...\{FCF4F348-E2F7-424B-8318-9C0E9FCBF39D}_is1) (Version: 1.1 - Ioannis Kakavas)

CS16 Full v32.1 Non-Steam (HKLM-x32\...\CS16 Full v32.1 Non-Steam) (Version:  - )

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)

DAP Plug-in for 64 Bit IE (HKLM\...\{FB5688A1-05A2-4E9F-A5E7-872D71A6AAD6}) (Version: 9706.0.31 - SpeedBit)

Database Tour Pro 7.0.3.411 (HKLM-x32\...\Database Tour Pro 7_is1) (Version: 7.0.3.411 - Vitaliy Levchenko)

Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.02 - NCH Software)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)

Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)

Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)

Dell Dock (Version: 2.0 - Stardock Corporation) Hidden

Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)

Deus Ex - Human Revolution version 1.0 (HKLM-x32\...\{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1) (Version: 1.0 - Square Enix)

Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10035 (Build 2446) - Speedbit Ltd.)

DownTango Launcher 2.1 (HKLM-x32\...\{4a505538-f48f-412e-9b69-dbac7e3149c3}_is1) (Version: 2.1 - DownTango Launcher) <==== ATTENTION

Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: 11.0 - Driver-Soft Inc.)

DriverBoost (HKLM-x32\...\{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}) (Version: 8.0.1 - DriverBoost)

DriverFinder (HKLM-x32\...\DriverFinder) (Version: 2.1.0 - DeskToolsSoft)

DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)

Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)

Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

EPSON NX410 Series Printer Uninstall (HKLM\...\EPSON NX410 Series) (Version:  - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )

Escape From Paradise (x32 Version: 2.2.0.95 - WildTangent) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 4.72 - NCH Software)

Express Zip File Compression Software (HKLM-x32\...\ExpressZip) (Version:  - NCH Software)

Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)

Fallout New Vegas (HKLM-x32\...\Fallout New Vegas_is1) (Version:  - )

Family Feud (x32 Version: 2.2.0.95 - WildTangent) Hidden

Family Feud 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Family Feud Battle of the Sexes (x32 Version: 2.2.0.95 - WildTangent) Hidden

Farm Frenzy: Gone Fishing (x32 Version: 2.2.0.97 - WildTangent) Hidden

ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )

FixCleaner (HKLM-x32\...\{540CBBEF-1433-4E5C-9817-4597493AA45F}) (Version: 2.0.4680 - Slimware Utilities, Inc.)

Forum Proxy Leecher 1.11 (HKLM-x32\...\Forum Proxy Leecher_is1) (Version:  - My-Proxy Software)

Free Dll Viewer 0.1 (HKLM-x32\...\Free Dll Viewer) (Version: 0.1 - )

FreePriceAlerts 2.3.5 (HKLM\...\{DC3381CB-10D4-431D-B9B3-7DB84B00645F}) (Version: 2.3.5 - myVBO LLC)

FVD Player 1.0.2 (HKLM-x32\...\FVD Player_is1) (Version:  - flashvideodownloader.org)

Gardenscapes: Mansion Makeover (x32 Version: 2.2.0.110 - WildTangent) Hidden

Gem Smashers (x32 Version: 2.2.0.98 - WildTangent) Hidden

Gold Rush Deluxe (x32 Version: 2.2.0.98 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )

GSplit 3 (HKLM-x32\...\GSplit3Set) (Version: 3.0.1.0 - G.D.G. Software)

GTA San Andreas (HKLM-x32\...\{E0303B6A-C675-4102-95DA-C013625BFA99}) (Version: 1.00.00001 - Rockstar Games)

Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )

Half-Life 2 (HKCU\...\Half-Life 2) (Version:  - )

Half-Life 2: Episode Two (HKLM-x32\...\Half-Life 2: Episode Two_is1) (Version:  - HorseDIC86)

IE Password Revealer 3 (HKLM-x32\...\{A27C76B8-45D6-4894-BE8C-C8F94B8172C5}) (Version: 3.1 - WellTek Software)

ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )

Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)

Jojo's Fashion Show World Tour (x32 Version: 2.2.0.98 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Kvisoft Data Recovery1.5.2 (HKLM-x32\...\Kvisoft Data Recovery_is1) (Version: 1.5.2 - Kvisoft Co.,Ltd.)

Lexmark 2500 Series (HKLM\...\Lexmark 2500 Series) (Version:  - Lexmark International, Inc.)

LimeWire 5.5.10 (HKLM-x32\...\LimeWire) (Version: 5.5.10 - Lime Wire, LLC)

Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )

MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)

Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)

Mass Effect 3 © Bioware version 1 (HKLM-x32\...\TWFzcyBFZmZlY3QgMyAoYykgQmlvd2FyZQ==_is1) (Version: 1 - )

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)

Media Player Codec Pack 4.2.4 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack) <==== ATTENTION

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MultiClock 1.0 (HKLM-x32\...\MultiClock) (Version: 1.0 - Fried Cookie)

Multimedia Card Reader (HKLM-x32\...\InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower)

Multimedia Card Reader (x32 Version: 1.6.915.87 - Fitipower) Hidden

My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)

My Farm Life (x32 Version: 2.2.0.97 - WildTangent) Hidden

Nancy Drew - Legend of the Crystal Skull (x32 Version: 2.2.0.95 - WildTangent) Hidden

Nancy Drew: Trail of the Twister (x32 Version: 2.2.0.98 - WildTangent) Hidden

NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM-x32\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR)

NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM-x32\...\InstallShield_{E0F252A6-DE85-4E93-A93B-DFC3537B3965}) (Version: 1.00.03281 - NETGEAR)

NETGEAR WG111v2 wireless USB 2.0 adapter (x32 Version: 1.00.03281 - NETGEAR) Hidden

Nick Jr Bingo (x32 Version: 2.2.0.98 - WildTangent) Hidden

No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

OpenMG Limited Patch 4.7-07-14-05-01 (HKLM-x32\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )

OpenMG Secure Module 4.7.00 (HKLM-x32\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)

OpenMG Secure Module 4.7.00 (x32 Version: 4.7.00.12140 - Sony Corporation) Hidden

OpenVPN 2.3.4-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I001 - )

Password Recovery Bundle 2012 (HKLM-x32\...\Password Recovery Bundle 2012_is1) (Version:  - Top Password Software, Inc.)

PDF Reader (HKCU\...\PDF Reader) (Version:  - )

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Plugin Update (HKLM-x32\...\uc@uc.com) (Version:  - )

Privacy SafeGuard version 1.0 (HKLM\...\{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1) (Version: 1.0 - Privacy SafeGuard)

PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)

Rapport (Version: 3.5.1201.78 - Trusteer) Hidden

Rapport (x32 Version: 3.5.1403.67 - Trusteer) Hidden

RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)

Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)

Running Sheep (x32 Version: 2.2.0.98 - WildTangent) Hidden

Running Sheep: Tiny Worlds (x32 Version: 2.2.0.98 - WildTangent) Hidden

Secret of the Past The Mother's Diary (x32 Version: 3.0.2.32 - WildTangent) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Settings Alerter (HKLM-x32\...\Settings Alerter) (Version: 4.5.0.5415 - Koyote-Lab, Inc) <==== ATTENTION

Shop To Win (HKLM-x32\...\{6FA9069B-C709-4092-878D-36FB41F6292F}_is1) (Version: 1.1.0.0 - Shop To Win, LLC)

Skins (x32 Version: 2010.0517.1742.29870 - ATI) Hidden

Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)

SpongeBob Typing (x32 Version: 2.2.0.98 - WildTangent) Hidden

Spytech SpyAgent (HKLM-x32\...\Spytech SpyAgent) (Version:  - )

Star Wars® Knights of the Old Republic® II: The Sith Lords (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)

Star Wars®: Knights of the Old Republic (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )

State of Decay (HKLM-x32\...\State of Decay_is1) (Version:  - )

Street Fighter X Tekken (HKLM-x32\...\{43430FA5-AF68-4A2D-A7D4-891000008200}) (Version: 1.0.0.0 - CAPCOM U.S.A., INC)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1148 - SUPERAntiSpyware.com)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)

System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

TaxACT 2006 (HKLM-x32\...\TaxACT 2006) (Version:  - 2nd Story Software, Inc.)

TaxACT 2008 (HKLM-x32\...\TaxACT 2008) (Version:  - 2nd Story Software, Inc.)

TaxACT 2009 (HKLM-x32\...\TaxACT 2009) (Version:  - 2nd Story Software, Inc.)

TaxACT 2011 - 1040 Edition (HKLM-x32\...\TaxACT 2011 - 1040 Edition) (Version:  - 2nd Story Software, Inc.)

The Walking Dead Season 2 EP 2 (HKLM-x32\...\The Walking Dead Season 2 EP 2_is1) (Version:  - )

The Walking Dead: Season 2 (HKLM-x32\...\VGhlV2Fsa2luZ0RlYWRTZWFzb24y_is1) (Version: 1 - )

The Wolf Among Us Episode 2 (HKLM-x32\...\The Wolf Among Us Episode 2_is1) (Version:  - CODEX)

The Wolf Among Us Episode 3 (HKLM-x32\...\The Wolf Among Us Episode 3_is1) (Version:  - )

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1403.67 - Trusteer)

Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

VideoConverter (HKLM-x32\...\VideoConverter) (Version:  - PerformerSoft LLC) <==== ATTENTION

VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.61 - NCH Software)

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)

Watchtower Library 2009 - English (HKLM-x32\...\{4ABB4D92-0682-4887-A0BC-CE5F920DDD23}) (Version: 11.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)

Watchtower Library 2010 - English (HKLM-x32\...\{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}) (Version: 12.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)

Watchtower Library 2011 - English (HKLM-x32\...\{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}) (Version: 13.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)

Watchtower Library 2012 - English (HKLM-x32\...\{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}) (Version: 14.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)

WBFS to ISO (HKLM-x32\...\{55F0E086-2E1C-4478-B52E-DA6025A46434}_is1) (Version:  - wbfstoiso.com)

WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.3.0 - WildTangent)

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)

WildTangent Games App (Dell Games) (x32 Version: 4.0.10.2 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}) (Version: 17.0.10283 - WinZip Computing, S.L. )

Wondershare DVD Creator(Build 2.6.5) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version:  - Wondershare)

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

Zooloretto (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2698232268-2154043033-3228781758-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2698232268-2154043033-3228781758-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

CustomCLSID: HKU\S-1-5-21-2698232268-2154043033-3228781758-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2698232268-2154043033-3228781758-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2698232268-2154043033-3228781758-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

14-09-2014 07:01:49 Checkpoint by HitmanPro

14-09-2014 07:06:16 Checkpoint by HitmanPro

14-09-2014 23:00:38 Windows Backup

15-09-2014 10:11:42 Windows Defender Checkpoint

15-09-2014 21:06:01 Checkpoint by HitmanPro

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2014-09-01 15:02 - 2014-09-15 19:33 - 00016223 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 metascan.org

127.0.0.1 www.metascan-online.com

127.0.0.1 virus-trap.org

127.0.0.1 anubis.iseclab.org


 

There are 494 more lines.

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0AC917F1-E3DE-4C14-A968-8C306C9F9A2F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2698232268-2154043033-3228781758-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)

Task: {10DE3E35-4A76-41AF-A167-782804B17F11} - System32\Tasks\RealCreateProcessScheduledTask191247491S-1-5-21-2698232268-2154043033-3228781758-1000 => c:\program files (x86)\real\realplayer\realplay.exe [2014-06-30] (RealNetworks, Inc.)

Task: {33996CA1-2818-458C-8448-5FE2F923B40E} - System32\Tasks\NCH Software\VideoPadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe

Task: {3EF61FF3-1773-43A6-9738-B786F8552382} - System32\Tasks\{F410990A-E398-4367-B608-7256C0DAE4D2} => C:\Program Files (x86)\booddanet\Half-Life 2\hl2.exe [2007-02-20] ()

Task: {47998353-6C27-4C27-96CF-CB3D980FA4D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)

Task: {492F5901-5FAD-4421-8206-4547A747B6EB} - System32\Tasks\DriverBoost-RTMUpdater => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2013-10-24] (PC Drivers Headquarters)

Task: {4E1CCEFB-50FC-427D-A578-4E4706C6B33C} - System32\Tasks\DriverBoost-RTMScan => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2013-10-24] (PC Drivers Headquarters)

Task: {684C344D-2D32-4A3C-9EC6-B0595903B458} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-20] (Adobe Systems Incorporated)

Task: {6BF9BC97-22C9-46B0-A7CD-3A0656AF5956} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {6EFC4897-100E-43DB-80D6-CF445561DCA8} - System32\Tasks\{0370FED2-1BA4-475D-A03D-43001AC60595} => C:\Users\Victoria\Desktop\DataScrambler\DataScrambler.exe

Task: {84434FEC-BB06-4A43-B4B5-D61DD972AC06} - System32\Tasks\AdobeAAMUpdater-1.0-Victoria-PC-Victoria => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)

Task: {84E8609A-5DAA-4196-B936-8D18F5E031C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-29] (Google Inc.)

Task: {88ED1EE1-E91D-4BE5-8D03-23156344F7AE} - System32\Tasks\{848F7A6C-081D-440B-860A-7DF6E8393379} => C:\Users\Victoria\Desktop\DataScrambler\DataScrambler.exe

Task: {891E115C-A934-44BC-A919-198AB72093C5} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe

Task: {89CA0B8F-C706-4808-97FA-6836C50F947C} - System32\Tasks\{B8BF2E63-DF04-4CC2-AAD0-CB52E2AD9362} => C:\Users\Victoria\Desktop\DataScrambler\DataScrambler.exe

Task: {8A8A76D6-FB8B-4B97-84CB-7427A1DB78B9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2698232268-2154043033-3228781758-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)

Task: {954E683D-5C25-4233-B792-24B2623EA401} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {95789437-6591-464F-8E15-68464056EFD6} - \eType Setup No Task File <==== ATTENTION

Task: {9B5DE188-FCA2-48EF-9087-A62A227B50B8} - System32\Tasks\{BE3C13E3-09F8-4755-BAA7-1662BE6391C8} => C:\Program Files (x86)\booddanet\Half-Life 2\hl2.exe [2007-02-20] ()

Task: {9D0E67AB-CA6F-4064-838E-08548D448B0A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

Task: {9DCEAC5B-C417-4C83-AE78-A232CD420939} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {AE73005E-C445-468F-85D0-96D7418B276E} - System32\Tasks\DriverBoost-RTMRules => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2013-10-24] (PC Drivers Headquarters)

Task: {B6FC4588-3E9A-4873-A3B8-B0D83ED3B95C} - System32\Tasks\{F69AE2BB-19E2-4F5F-A3B0-490A1B824A19} => C:\Users\Victoria\Desktop\Imminent Monitor\DataScrambler\DataScrambler.exe

Task: {B8E3F7FB-6D94-43DF-8424-E60562B9E353} - System32\Tasks\5014 => Wscript.exe C:\Users\Victoria\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {C000CB22-2CAE-4D94-B7E3-6D0F48F4592A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-29] (Google Inc.)

Task: {C2B650F4-262B-462D-842F-57806165DB82} - System32\Tasks\NCH Software\ExpressZipReminder => C:\Program Files (x86)\NCH Software\ExpressZip\ExpressZip.exe

Task: {C822E71A-750F-4CC2-A2E8-98EFF0556258} - System32\Tasks\{D734C5AB-D32C-49EC-8CCF-0E03D456A788} => C:\Users\Victoria\Desktop\Imminent Monitor\DataScrambler\DataScrambler.exe

Task: {C84F6062-3FF1-4593-BFDC-37C96043BBA9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2698232268-2154043033-3228781758-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)

Task: {D349298D-BF91-400D-8494-D873F91B605A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {DB7FC948-E7FF-453F-A570-A023034D68D2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2698232268-2154043033-3228781758-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)

Task: {DC95C021-3C5C-4FE7-84AA-325AF8D3AED1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2698232268-2154043033-3228781758-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)

Task: {E93B13C4-6E9B-445E-9A5B-E3FDA50E13D4} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe

Task: {ED0BFCD5-F588-4655-BD4F-88440222AD26} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EEAD3EB8-B72E-466B-9638-8AF8810B48AD} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION

Task: {F44EE16D-85A1-4E7B-9028-4BB2799FC4FF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2698232268-2154043033-3228781758-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)

Task: {FA0C7610-6900-4A8C-BA3C-BE4C9AAF5C2A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2698232268-2154043033-3228781758-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-06-10] (RealNetworks, Inc.)

Task: {FE363D7E-3F91-4025-A83F-20AB8C0CE157} - System32\Tasks\NCH Software\ExpressBurnSevenDays => C:\Program Files (x86)\NCH Software\ExpressBurn\ExpressBurn.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2010-12-03 13:40 - 2007-02-27 07:20 - 00125952 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdddrpp.dll

2014-06-10 17:50 - 2014-06-10 17:50 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

2014-06-10 22:03 - 2014-06-10 22:03 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

2010-12-03 13:39 - 2009-04-27 15:37 - 00291496 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe

2010-12-03 13:39 - 2009-04-27 15:37 - 00025256 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe

2006-06-06 13:10 - 2006-06-06 13:10 - 01085440 _____ () C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe

2010-11-18 19:14 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2014-04-25 03:34 - 2014-06-30 20:27 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll

2010-12-03 13:39 - 2007-01-09 19:10 - 00278528 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll

2010-12-03 13:39 - 2007-03-06 10:16 - 00589824 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll

2010-12-03 13:39 - 2006-12-28 13:47 - 00073728 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll

2010-12-03 13:39 - 2008-05-16 14:35 - 00040960 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll

2010-12-03 13:39 - 2008-05-16 14:35 - 00028672 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll

2010-12-03 13:39 - 2008-05-16 14:34 - 00057344 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll

2010-12-03 13:39 - 2007-04-30 10:19 - 00020480 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll

2010-12-03 13:39 - 2007-04-30 10:19 - 00020480 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll

2010-12-03 13:39 - 2007-04-30 10:20 - 00011776 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll

2005-07-20 05:53 - 2005-07-20 05:53 - 00966765 _____ () C:\Program Files (x86)\NETGEAR\WG111v2\acAuth.dll

2005-11-13 15:22 - 2005-11-13 15:22 - 00217088 _____ () C:\Program Files (x86)\NETGEAR\WG111v2\NWTools.dll

2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2014-09-11 13:38 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll

2014-09-11 13:38 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll

2014-09-11 13:38 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll

2014-09-11 13:38 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll

2014-09-11 13:38 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

AlternateDataStreams: C:\Users\Victoria\Downloads\Project Neptune Test Email.eml:OECustomProperty

AlternateDataStreams: C:\Users\Victoria\Downloads\[First Run] Neptune - BERNARD - Bernard (1).eml:OECustomProperty

AlternateDataStreams: C:\Users\Victoria\Downloads\[First Run] Neptune - BERNARD - Bernard (2).eml:OECustomProperty

AlternateDataStreams: C:\Users\Victoria\Downloads\[First Run] Neptune - BERNARD - Bernard.eml:OECustomProperty

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: Shop To Win => C:\Program Files (x86)\Shop To Win\ShopToWin.exe

 

==================== Faulty Device Manager Devices =============

 

Name: DW1525 (802.11n) WLAN PCIe Card

Description: DW1525 (802.11n) WLAN PCIe Card

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Atheros Communications Inc.

Service: athr

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/15/2014 07:29:18 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17207, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17207, time stamp: 0x53a22b71

Exception code: 0xc00000fd

Fault offset: 0x000f9575

Faulting process id: 0x1c30

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (09/15/2014 05:23:36 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17207, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17207, time stamp: 0x53a22b71

Exception code: 0xc00000fd

Fault offset: 0x000f84f6

Faulting process id: 0xe0c

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (09/15/2014 05:09:35 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.

   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f4,(null),0,REG_BINARY,0000000001D9F0B0.72).  hr = 0x80070005, Access is denied.

.

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000744,(null),0,REG_BINARY,0000000003B8E3D0.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Writer Name: WMI Writer

   Writer Instance ID: {f5e0dea4-1987-41f4-a9fb-c614e31a2eed}

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000d78,(null),0,REG_BINARY,000000000158E2D0.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}

   Writer Name: MSSearch Service Writer

   Writer Instance ID: {07bb7b30-af03-4af3-864a-7c8ad1e6f4c4}

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000308,(null),0,REG_BINARY,0000000002CDE2F0.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {a99fe23a-d659-4072-b1a4-80ba54adb86f}

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000000FDF4C0.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}

   Writer Name: COM+ REGDB Writer

   Writer Instance ID: {57194913-0a6b-456e-b79b-e6855b78dae6}

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000744,(null),0,REG_BINARY,0000000003B8E3D0.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Writer Name: WMI Writer

   Writer Instance ID: {f5e0dea4-1987-41f4-a9fb-c614e31a2eed}

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001a8,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000208E9B0.72).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}

   Writer Name: Registry Writer

   Writer Instance ID: {7e4df222-dec0-4ff5-997c-00468346dad7}

 

 

System errors:

=============

Error: (09/15/2014 07:11:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (09/15/2014 07:10:30 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (09/15/2014 06:40:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (09/15/2014 06:22:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (09/15/2014 06:07:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (09/15/2014 05:12:42 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (09/15/2014 05:10:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

 

Error: (09/15/2014 05:09:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

 

Error: (09/15/2014 05:09:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The BlueStacks Android Service service terminated with the following error: 

%%1064

 

Error: (09/15/2014 05:09:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The vToolbarUpdater18.1.9 service failed to start due to the following error: 

%%2

 

 

Microsoft Office Sessions:

=========================

Error: (09/15/2014 07:29:18 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.172074a5bc6b7MSHTML.dll11.0.9600.1720753a22b71c00000fd000f95751c3001cfd13c45e93578C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll1cb74601-3d30-11e4-bae2-842b2baf6f10

 

Error: (09/15/2014 05:23:36 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.172074a5bc6b7MSHTML.dll11.0.9600.1720753a22b71c00000fd000f84f6e0c01cfd12a9fa5f4c9C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll8d1be4da-3d1e-11e4-bae2-842b2baf6f10

 

Error: (09/15/2014 05:09:35 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.

   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x000001f4,(null),0,REG_BINARY,0000000001D9F0B0.72)0x80070005, Access is denied.

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000744,(null),0,REG_BINARY,0000000003B8E3D0.72)0x80070005, Access is denied.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Writer Name: WMI Writer

   Writer Instance ID: {f5e0dea4-1987-41f4-a9fb-c614e31a2eed}

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000d78,(null),0,REG_BINARY,000000000158E2D0.72)0x80070005, Access is denied.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}

   Writer Name: MSSearch Service Writer

   Writer Instance ID: {07bb7b30-af03-4af3-864a-7c8ad1e6f4c4}

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000308,(null),0,REG_BINARY,0000000002CDE2F0.72)0x80070005, Access is denied.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {a99fe23a-d659-4072-b1a4-80ba54adb86f}

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x000001b4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000000FDF4C0.72)0x80070005, Access is denied.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}

   Writer Name: COM+ REGDB Writer

   Writer Instance ID: {57194913-0a6b-456e-b79b-e6855b78dae6}

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000744,(null),0,REG_BINARY,0000000003B8E3D0.72)0x80070005, Access is denied.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Writer Name: WMI Writer

   Writer Instance ID: {f5e0dea4-1987-41f4-a9fb-c614e31a2eed}

 

Error: (09/15/2014 05:08:01 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x000001a8,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000208E9B0.72)0x80070005, Access is denied.

 

 

Operation:

   BackupShutdown Event

 

Context:

   Execution Context: Writer

   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}

   Writer Name: Registry Writer

   Writer Instance ID: {7e4df222-dec0-4ff5-997c-00468346dad7}

 

 

CodeIntegrity Errors:

===================================

  Date: 2012-12-08 09:12:43.331

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-08 09:12:43.253

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-08 09:12:43.175

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-08 09:12:43.112

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-08 09:12:09.306

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-08 09:12:09.236

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-08 09:12:09.166

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-08 09:12:09.096

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-08 09:11:48.756

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-12-08 09:11:48.686

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5 CPU 760 @ 2.80GHz

Percentage of memory in use: 68%

Total physical RAM: 6103.12 MB

Available physical RAM: 1946.8 MB

Total Pagefile: 12204.41 MB

Available Pagefile: 6969.76 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:920.03 GB) (Free:315.62 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 259D4594)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=11.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=920 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


 

 

I think I have some virus called Poweliks.


  • 2 weeks later...

Hello hatethiscomputer, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 

Yes, you are infected with Poweliks, a rootkit which also opens a backdoor on the compromised machine.
As such, I must unfortunately issue you the following warning. Please let me know how you wish to proceed. 
 

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.

 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
