
Numerous instances of dllhost.exe *.32 com surrogate running


  • This topic is locked
48 replies to this topic

#1 e143slime8

e143slime8

  • Members
  • 47 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 10 March 2014 - 04:00 AM

Hello, was recently infected with CryptoLocker and then Cryptorbit. Have since then run Malwarebytes along with HitmanPro to ensure all was gone. Since the infection, however, it seems that when I'm connected to the internet, my machine resources start getting used up and I've noticed that there are now numerous instances of dllhost.exe *.32 com surrogate running in the background. Looking for answers, I see that this same problem seems to have been dealt with here before so I'm looking for help.

 

Thank you very much.




 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:28 PM

Posted 10 March 2014 - 05:08 AM

Hello,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 e143slime8

e143slime8
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 10 March 2014 - 11:31 AM

Thanks for the help, here are both files:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2014 02
Ran by Steve at 2014-03-10 12:20:26
Running from C:\Users\Steve\Desktop\Bleeping Tools
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ACDSee Pro 6 (HKLM\...\{CAF674E0-808C-4CF4-8868-A755EBABA228}) (Version: 6.2.212 - ACD Systems International Inc.)
Acronis True Image 2014 (HKLM-x32\...\{4A79A394-835A-49D7-8662-60643872DFF6}Visible) (Version: 17.0.6614 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6614 - Acronis) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.01 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
All My Movies (HKLM-x32\...\{DEE77D4F-249F-46DF-8176-4BC4822D68AD}_is1) (Version: 7.8 - Bolide Software)
Angry Birds (HKLM-x32\...\{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}) (Version: 3.0.0 - Rovio)
Angry Birds (HKLM-x32\...\{DE96EDE7-7D0A-49D7-9C11-121BA91F84E0}) (Version: 3.3.0 - Rovio Entertainment Ltd.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.4.0 - SlySoft)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version:  - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version:  - )
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.2.6 - ASUSTeK Computer Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
BitLord 2.3 (HKLM-x32\...\BitLord) (Version: 2.3.2-245 - House of Life)
Bitlord Packages (HKCU\...\Bitlord Packages) (Version:  - ) <==== ATTENTION
BulletProof FTP (HKLM-x32\...\BulletProof FTP) (Version: 2.40 - BulletProof Software)
BulletProof FTP Server 2011 (remove only) (HKLM-x32\...\BulletProof FTP Server 2011_is1) (Version:  - BulletProof Software LLC)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.5 - Canon Inc.)
Canon Easy-PhotoPrint Pro - PRO-1 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - PRO-1 series Extention Data) (Version: 1.2.0 - Canon Inc.)
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version: 1.2.0 - Canon Inc.)
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version: 1.2.0 - Canon Inc.)
Canon Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version: 2.7.2 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon MG8100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.4.3 - NIKON CORPORATION)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Cool Reader version 3.0.56 (HKLM-x32\...\{6219CB33-794D-4DF3-88D9-101A8AF76CA4}_is1) (Version: 3.0.56 - Download Freely, LLC)
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.5425 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5311 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3019_44673 - CyberLink Corp.) Hidden
CyberLink Power2Go 7 (x32 Version: 7.0.0.3126b - CyberLink Corp.) Hidden
CyberLink PowerProducer 5.5 (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.4118 - CyberLink Corp.)
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.4118 - CyberLink Corp.) Hidden
Definition update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43D3FAD5-4352-4D4E-881B-37F8C05ACB98}) (Version:  - Microsoft)
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Delta) <==== ATTENTION
Delta toolbar   (HKLM-x32\...\delta) (Version: 1.8.16.16 - Delta) <==== ATTENTION
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DnsBasic 1.0 build 123 (HKLM-x32\...\DnsBasic) (Version:  - )
DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version:  - Tuguu SLU)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
DVDFab 9.1.1.9 (18/12/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Face Filter (x32 Version: 1.0.007 - Roxio) Hidden
ffdshow v1.3.4504 [2013-03-12] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4504.0 - )
ffdshow x64 v1.3.4500 [2013-01-06] (HKLM\...\ffdshow64_is1) (Version: 1.3.4500.0 - )
FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.3.2031 - OpenSight Software LLC)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hallmark Card Studio 2013 Deluxe (HKLM-x32\...\{A6E08FBC-FC99-4CEE-B645-83A42107BE89}) (Version: 14.0.1.1 - Creative Home)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections 17.2.154.0 (HKLM\...\PROSetDX) (Version: 17.2.154.0 - Intel)
Intel® Network Connections 17.2.154.0 (Version: 17.2.154.0 - Intel) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kleptomania 2.6 (HKLM-x32\...\Kleptomania 2.6) (Version:  - )
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightScribe System Software (HKLM-x32\...\{10427BCB-0742-43BE-81E2-3920972946F5}) (Version: 1.18.23.1 - LightScribe)
MagniPic (HKLM\...\{D98D144E-1149-4AA2-A849-596B026E36B8}) (Version: 1.0 - ) <==== ATTENTION
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft ASP.NET 2.0 AJAX Extensions 1.0 (HKLM-x32\...\{082BDF7B-4810-4599-BF0D-E3AC44EC8524}) (Version: 1.0.61025 - Microsoft Corporation)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
No-IP.com DUC (remove only) (HKLM-x32\...\No-IP.com DUC) (Version: v2.2.1 - Vitalwerks & No-IP.com)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OffScrub_O15msi_OFFICE15.00C1 (HKLM\...\OFFICE15.00C1) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Photomatix Pro version 4.2.7 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.7 - HDRsoft Ltd)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Roxio BackOnTrack (x32 Version: 4.1 - Roxio) Hidden
Roxio BackOnTrackPE (x32 Version: 4.0 - Roxio) Hidden
Roxio Burn - Secure (x32 Version: 1.6 - Roxio) Hidden
Roxio CinePlayer (x32 Version: 5.8 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator 2012 Pro (HKLM-x32\...\{AAB42DD0-9551-4E30-A3E4-F87D4A4E1C52}) (Version: 13.5 - Roxio)
Roxio Creator 2012 Pro (x32 Version: 1.3.675 - Roxio) Hidden
Roxio Creator 2012 Pro (x32 Version: 6.5.0 - Roxio) Hidden
Roxio System Rollback (Version: 3.9.0 - Roxio) Hidden
Roxio System Rollback Recovery Disk (x32 Version: 3.9.0 - Roxio) Hidden
Roxio Video Capture USB (x32 Version: 1.22.0000 - Roxio) Hidden
SafeSaver 1.74 (HKLM-x32\...\SP_f5d3e0aa) (Version:  - ) <==== ATTENTION
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SimpPro 2.2 (HKLM-x32\...\{9792FE82-7DEA-435E-9792-C0BAAA58CBDE}) (Version: 02.02.0026 - Secway)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Titan FTP Server (HKLM-x32\...\{DB2112AD-0000-DAD1-0000-000004281965}) (Version: 8.40.1331 - South River Technologies)
TreeSize Professional V5.5.5 (HKLM-x32\...\TreeSize Professional_is1) (Version: 5.5.5 - JAM Software)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version:  - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wnyiper (x32 Version: 012.000.1585 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1693 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0437 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0162 - Intuit Inc.) Hidden
TurboTax 2013 wnyiper (x32 Version: 013.000.1220 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC)
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A784BEFA-1BAB-4285-9F90-7D1A40A72DF8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C5241E8F-37A5-40EC-90DD-FF1400818C4B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2760556) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6A30D7B7-A8BE-46B2-B038-632D0E68C3C6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F0316FE0-38FC-4F3E-81FA-8B51BB649901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{068372FB-7EAF-463F-8074-77AB35BB13E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E911A320-7B4A-4383-82D2-007375B27EC2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3FF4EA9F-3505-4726-A974-6593A968FFCC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760343) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6215502A-6412-47AA-86D6-37DA058BC55B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8587E5B1-6279-4396-B9AC-20B334F4FF88}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0C0A2F4A-757C-4F10-935F-508E1A2D4719}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767861) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0424A09F-A630-42DD-B46A-896D56B5C5A1}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767864) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{95F93360-48B0-4100-AE95-7DB2884D7944}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768333) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FA9970D1-FB2A-44C4-B99B-FD31CA9DD0FA}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2768011) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{567C8326-0F30-477E-BEFB-E5C336C3D8BB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2738013) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8173D1AC-2997-448F-88E3-72306D63D7C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2727013) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D6543BBD-68C5-4EF7-A8EF-A87E6602B063}) (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2768356) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F3B426C7-1270-406A-820D-0FF49AB28639}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{54960E56-266C-417A-85F5-4769614C2694}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1F1940B-94DF-4DCB-BF82-9530D7FBB1BF}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2768007) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BEF4A15A-E1CC-41A1-AAA8-23E0711219F0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2768337) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1E137370-60AB-48D4-9871-F2E789A17D92}) (Version:  - Microsoft)
Updater By SweetPacks 2.0.0.609 (HKLM\...\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1) (Version: 2.0.0.609 - SweetPacks) <==== ATTENTION
USBFast (HKLM-x32\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.30 - Prolific Technology Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{267B6912-6F26-4FFD-9342-8E84A7B26151}) (Version: 2.13.1103 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual MP3 Splitter & Joiner 6.0 (HKLM-x32\...\Visual MP3 Splitter & Joiner Update trial to full_is1) (Version:  - )
Visual MP3 Splitter & Joiner 6.0 (HKLM-x32\...\Visual MP3 Splitter & Joiner_is1) (Version:  - ManiacTools.com)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 5.00 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.5 - win.rar GmbH)
Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 7.1.3.20130417 - Xilisoft)
Xilisoft HD Video Converter (HKLM-x32\...\Xilisoft HD Video Converter) (Version: 7.7.0.20121224 - Xilisoft)
Zoodles (HKLM-x32\...\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1) (Version: 3.0.5 - Inquisitive Minds, Inc)
Zoodles (x32 Version: 3.0.5 - Inquisitive Minds, Inc) Hidden

==================== Restore Points  =========================

04-03-2014 18:22:53 Installed Microsoft Office Professional Plus 2013
04-03-2014 18:24:12 PROPLUS

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07EFE2BC-719D-4659-A903-98F89847E41B} - System32\Tasks\Security Center Update - 525748818 => C:\Users\Steve\AppData\Roaming\Ublamy\ulephi.exe <==== ATTENTION
Task: {108DB9FC-9C9F-4DB7-9358-FB933D87CA7F} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {28BE168E-7442-408F-86E7-90FD3B96172F} - System32\Tasks\Test TimeTrigger => C:\Users\Steve\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {33799BCF-4941-43B9-9BF7-B83C13766FC5} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {343710CC-09AE-4273-B967-5FB323948632} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {35F0E330-A2CA-4566-A7E7-FD5B1664CF57} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {407A3E55-DB2B-4AF6-AB12-A60E7A9A455C} - System32\Tasks\MagniPicUpdaterTask{F95C8B83-165A-429B-89DD-44493389DDC4} => C:\ProgramData\Premium\MagniPic\MagniPic.exe <==== ATTENTION
Task: {5210A6D0-3E4B-48A0-964F-7F6359FADD43} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-05] ()
Task: {727B6EF5-799E-43D8-84F2-0A68ABF753AF} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)
Task: {780AC172-15FB-4391-9660-E00852F5DA40} - System32\Tasks\Security Center Update - 4120729879 => C:\Users\Steve\AppData\Roaming\Kigysuny\vaupug.exe <==== ATTENTION
Task: {85AC561D-6C89-43C6-95E0-84D21E7ABC13} - System32\Tasks\Security Center Update - 2616698578 => C:\Users\Steve\AppData\Roaming\Ygqyzaby\tyucqu.exe <==== ATTENTION
Task: {A761FA31-F7E1-4247-9118-AC860016C557} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {AA1A03EF-7275-4297-9FAA-BE42FA6C2842} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {B21FE0D1-1C8C-4F40-BE23-A693B011E893} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\msoia.exe
Task: {B22CAAFC-23CF-48E5-B97C-7062B91FD4B3} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {BAECEC81-5B39-478C-B15E-501820A8FE32} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\msoia.exe
Task: {D19C3F84-680D-4A75-9EB8-2C941B84937A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\MagniPicUpdaterTask{F95C8B83-165A-429B-89DD-44493389DDC4}.job => C:\ProgramData\Premium\MagniPic\MagniPic.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-04-05 13:04 - 2013-03-15 00:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-20 19:33 - 2013-02-22 17:59 - 06523456 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-01 11:26 - 2013-10-01 11:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2011-06-12 19:07 - 2011-06-12 19:07 - 00785392 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2011-02-09 17:36 - 2011-02-09 17:36 - 00457200 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2013-04-05 13:53 - 2013-04-05 13:53 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2011-07-15 01:03 - 2011-07-15 01:03 - 00021488 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2011-07-08 12:31 - 2011-07-08 12:31 - 00084464 _____ () C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
2011-06-12 19:07 - 2011-06-12 19:07 - 00506352 _____ () C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
2013-08-04 08:00 - 2013-08-04 08:00 - 00075864 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2013-02-12 22:37 - 2013-02-12 22:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-08-31 01:01 - 2013-08-31 01:01 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2011-06-12 19:07 - 2011-06-12 19:07 - 01358320 _____ () C:\Program Files (x86)\Roxio 2012\Roxio Burn\Roxio Burn.exe
2013-04-05 13:53 - 2014-03-09 12:47 - 00031232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-04-05 13:53 - 2010-06-29 06:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2009-09-14 18:54 - 2009-09-14 18:54 - 00135680 _____ () C:\Program Files (x86)\Secway\SimpPro 2.2\Plugins\WinsockHookDLL.dll
2011-07-15 01:03 - 2011-07-15 01:03 - 03297264 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2011-07-15 01:03 - 2011-07-15 01:03 - 00523248 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2011-07-15 01:03 - 2011-07-15 01:03 - 00107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2013-04-05 14:09 - 2012-05-17 14:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2011-04-16 11:59 - 2011-04-16 11:59 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-04-16 11:59 - 2011-04-16 11:59 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-04-16 11:59 - 2011-04-16 11:59 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-10-24 18:06 - 2013-10-24 18:06 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2013-10-24 18:06 - 2013-10-24 18:06 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-02-12 22:38 - 2013-02-12 22:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2011-03-09 15:21 - 2011-03-09 15:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 15:21 - 2011-03-09 15:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-04-05 14:05 - 2012-07-31 15:21 - 00152064 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll
2013-04-05 14:05 - 2012-08-08 16:45 - 00786432 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
2013-04-05 14:05 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
2013-04-05 14:09 - 2012-07-05 12:05 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2011-06-12 19:07 - 2011-06-12 19:07 - 00645616 _____ () C:\Program Files (x86)\Roxio 2012\Roxio Burn\BBEngineAS.dll
2013-04-05 13:54 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2013-04-05 13:54 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2013-04-05 13:55 - 2011-09-26 19:36 - 00869376 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2013-04-05 13:54 - 2012-03-21 12:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2013-04-05 14:03 - 2012-06-19 12:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2013-04-05 14:05 - 2012-07-25 09:56 - 01124864 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2013-04-05 14:06 - 2012-07-20 09:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2013-04-05 13:54 - 2012-05-25 10:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2013-04-05 13:54 - 2012-05-28 21:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-04-05 13:54 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2013-04-05 13:54 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2013-04-05 13:54 - 2011-10-14 20:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2013-04-05 13:53 - 2010-08-23 06:17 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2013-04-05 13:54 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2013-04-05 14:11 - 2012-01-19 09:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
2013-04-05 14:11 - 2010-09-23 11:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll
2013-04-05 14:11 - 2010-02-25 14:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\Aszip.dll
2013-04-05 13:54 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2013-10-24 18:09 - 2013-10-24 18:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-04-05 14:09 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-16 18:26 - 2014-02-16 18:26 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2014 00:48:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/09/2014 00:48:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/09/2014 00:48:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x52df3e99
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0xebc
Faulting application start time: 0xUA.exe0
Faulting application path: UA.exe1
Faulting module path: UA.exe2
Report Id: UA.exe3

Error: (03/09/2014 00:48:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2014 00:47:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/09/2014 00:47:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/09/2014 00:37:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 9.0.8112.16476, time stamp: 0x5126ee6c
Exception code: 0xc0000005
Fault offset: 0x002c9985
Faulting process id: 0x1180
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (03/09/2014 00:27:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/09/2014 00:27:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/09/2014 00:27:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x52df3e99
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000005
Fault offset: 0x00056b1d
Faulting process id: 0xe1c
Faulting application start time: 0xUA.exe0
Faulting application path: UA.exe1
Faulting module path: UA.exe2
Report Id: UA.exe3


System errors:
=============
Error: (03/10/2014 00:07:36 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/10/2014 00:07:36 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/09/2014 00:51:00 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (03/09/2014 00:51:00 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/09/2014 00:49:48 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/09/2014 00:49:48 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/09/2014 00:47:19 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (03/09/2014 00:47:07 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/09/2014 00:47:07 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (03/09/2014 00:47:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (03/09/2014 00:48:15 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (03/09/2014 00:48:15 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (03/09/2014 00:48:10 PM) (Source: Application Error)(User: )
Description: UA.exe1.0.0.152df3e99MSVCR90.dll9.0.30729.61614dace5b9c000000500056b1debc01cf3bb73dd50505C:\Users\Steve\AppData\Roaming\Verizon\UA_ar\UA.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll98bac4a2-a7aa-11e3-ac4e-00038a000015

Error: (03/09/2014 00:48:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2014 00:47:19 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (03/09/2014 00:47:18 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (03/09/2014 00:37:06 PM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bc6b7MSHTML.dll9.0.8112.164765126ee6cc0000005002c9985118001cf3bb4b3f5c931C:\Windows\syswow64\dllhost.exeC:\Windows\syswow64\MSHTML.dll0c95de3a-a7a9-11e3-bd49-00038a000015

Error: (03/09/2014 00:27:47 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (03/09/2014 00:27:47 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (03/09/2014 00:27:28 PM) (Source: Application Error)(User: )
Description: UA.exe1.0.0.152df3e99MSVCR90.dll9.0.30729.61614dace5b9c000000500056b1de1c01cf3bb46298ea63C:\Users\Steve\AppData\Roaming\Verizon\UA_ar\UA.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dllb3fbda88-a7a7-11e3-bd49-00038a000015


CodeIntegrity Errors:
===================================
  Date: 2014-03-10 12:08:30.093
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-10 10:17:33.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-09 14:24:34.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-09 13:56:06.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-09 12:48:15.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-09 12:27:48.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-09 12:22:22.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-09 11:37:22.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-09 11:28:46.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-09 10:32:59.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 32712.01 MB
Available physical RAM: 23421.87 MB
Total Pagefile: 65422.2 MB
Available Pagefile: 54490.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:2048 GB) (Free:1261.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:1397.26 GB) (Free:8.89 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:1397.26 GB) (Free:2.48 GB) NTFS
Drive f: () (Fixed) (Total:1397.26 GB) (Free:70.92 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:931.51 GB) (Free:40.44 GB) NTFS
Drive p: (Extended) (Fixed) (Total:746.52 GB) (Free:18.53 GB) NTFS
Drive r: (CATCHING_FIRE) (CDROM) (Total:22.86 GB) (Free:0 GB) UDF
Drive s: (Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:907.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: D2628430)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: F576D7EB)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 1397 GB) (Disk ID: 97549754)
Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 5C062D84)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 2048 GB) (Disk ID: CE9A345D)

Partition: GPT Partition Type.

========================================================
Disk: 5 (Size: 747 GB) (Disk ID: 7B9D43BD)
Partition 1: (Active) - (Size=747 GB) - (Type=07 NTFS)

========================================================
Disk: 11 (Size: 1863 GB) (Disk ID: 742F1840)
Partition 1: (Not Active) - (Size=-198626966528) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014 02
Ran by Steve (administrator) on STEVE-PC on 10-03-2014 12:17:19
Running from C:\Users\Steve\Desktop\Bleeping Tools
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Secway) C:\Program Files (x86)\Secway\SimpPro 2.2\SimpPro.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Structu Rise) C:\Program Files (x86)\Kleptomania\k-mania.exe
(Akamai Technologies, Inc.) C:\Users\Steve\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Akamai Technologies, Inc.) C:\Users\Steve\AppData\Local\Akamai\netsession_win.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe
(Vitalwerks LLC) C:\Program Files (x86)\No-IP\DUC20.exe
() C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
() C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1391136322\ee\aolsoftware.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
() C:\Program Files (x86)\Tor\tor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
() C:\Program Files (x86)\Roxio 2012\Roxio Burn\Roxio Burn.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [ACPW06EN] - C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1234120 2012-12-17] (ACD Systems)
HKLM\...\Run: [Goygivaw] - "C:\Users\Steve\AppData\Roaming\Ygqyzaby\tyucqu.exe"
HKLM\...\Run: [Fyqota] - "C:\Users\Steve\AppData\Roaming\Kigysuny\vaupug.exe"
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [293360 2011-07-13] (Rovi Corporation)
HKLM-x32\...\Run: [CPMonitor] - C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe [84464 2011-07-08] ()
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe [506352 2011-06-12] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [Kleptomania] - [X]
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805824 2013-10-24] (Acronis)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1391136322\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [AddressBookReminderApp] - C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013 Deluxe\ReminderApp.exe
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [223096 2012-04-17] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\babmaint.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\file scout\filescout.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\orizt\imohog.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\orizt\imohog.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\adobe\win15ac.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lsass.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\nvidia\win4836.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\orizt\imohog.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\kigysuny\vaupug.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\adobe\win15ac.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\adobe\win15ac.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lsass.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\ygqyzaby\tyucqu.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\ygqyzaby\tyucqu.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\niwiy.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\file scout\filescout.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\kigysuny\vaupug.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiyqf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\msaocsceh.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\file scout\filescout.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\etalb.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\xiyqf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\nvidia\win4836.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\ygqyzaby\tyucqu.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\kigysuny\vaupug.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\msaocsceh.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\ukqon.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\etalb.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ukqon.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\babmaint.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lsass.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\babmaint.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\niwiy.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\nvidia\win4836.exe <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7891880 2014-03-02] (SlySoft, Inc.)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [Simp] - C:\Program Files (x86)\Secway\SimpPro 2.2\SimpPro.exe [629760 2009-03-13] (Secway)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [BulletProof FTP Server 2011 Startup] - C:\Program Files (x86)\BulletProof FTP Server 2011\bpftpserver-2011.exe [6848000 2012-03-28] (BulletProof Software LLC)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [WeatherWatcherLive] - "C:\Program Files (x86)\Weather Watcher Live\ww.exe"
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [Kleptomania] - C:\Program Files (x86)\Kleptomania\k-mania.exe [294912 2014-02-09] (Structu Rise)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [Ojtnics] - regsvr32.exe C:\Users\Steve\AppData\Local\Ojtnics\Tierserv.dll <===== ATTENTION
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Steve\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-04-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\MountPoints2: {9ce235bd-f1c0-11e2-adc2-60a44c243c73} - S:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume4\Users\Steve\AppData\Local\Temp\stctqvi\spxkxce\wow.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll File Not Found
AppInit_DLLs:  c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk
ShortcutTarget: No-IP DUC.lnk -> C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Steve\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={B95B433F-9EDE-11E2-8406-60A44C243C73}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={B95B433F-9EDE-11E2-8406-60A44C243C73}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPDEDEF0CD-F737-4586-94DE-C953ABA6D203&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPDEDEF0CD-F737-4586-94DE-C953ABA6D203&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0AB00488-251D-48C5-9D06-452F99862ACD} URL = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^HP&apn_dtid=^YYYYYY^YY^US&apn_uid=4bc3969f-af38-47aa-8a6f-1e8218c8f463&apn_sauid=2726C823-3750-45C9-81FC-18717DB5D4BE
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=121232&babsrc=SP_ss_bayi&mntrId=344560A44C243C73
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic.com/?prt=dnsbsc50r1&sp=&keywords={searchTerms}
SearchScopes: HKCU - {6C172465-F717-4E61-A415-A0667FBFD67E} URL = http://searchou.com/?q={searchTerms}&id=34453fb900000000000060a44c243c73&r=127
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Updater By SweetPacks - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586
FF user.js: detected! => C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\user.js
FF NewTab: hxxp://www.sweetpacks-search.com/?barid=&src=97&
FF DefaultSearchEngine: Sweetpacks Search
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Sweetpacks Search
FF Homepage: https://www.google.com/
FF Keyword.URL: hxxp://mysearch.sweetpacks.com?src=6&barid=&&st=23&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\searchplugins\MyStart.xml
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\searchplugins\Sweetpacks Search.xml
FF Extension: AOL Toolbar - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2014-01-30]
FF Extension: Windows Media Player WMEncFileSource Class - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\Extensions\{98610A01-C5DA-3D24-41D0-C65C8052500F} [2014-01-24]
FF Extension: SaveFrom.net helper - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\Extensions\helper@savefrom.net.xpi [2013-11-16]
FF Extension: DnsBasic - C:\Program Files (x86)\Mozilla Firefox\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} [2014-02-16]
FF Extension: DnsBasic - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} [2014-02-16]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-06-02]
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-13]
FF HKCU\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPDEDEF0CD-F737-4586-94DE-C953ABA6D203&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPDEDEF0CD-F737-4586-94DE-C953ABA6D203&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-14]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-14]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-14]
CHR Extension: (Updater By SweetPacks) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-06-19]
CHR Extension: (sAAffe  siave) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeadnkbobnhcgbgihaibncindoccjall [2013-06-13]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-06-06]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-04-14]
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2013-10-21]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2014-01-06]

==================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-04-05] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-04-05] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-04-05] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2013-04-05] (ASUSTeK Computer Inc.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [21488 2011-07-15] ()
S4 BOTService; C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [211440 2011-07-14] (Rovi Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-03-09] (SurfRight B.V.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-04-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095664 2011-07-13] (Rovi Corporation)
S2 RoxWatch12; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [340976 2011-07-13] (Rovi Corporation)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-31] ()

==================== Drivers (Whitelisted) ====================

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 SysCow; C:\Windows\System32\drivers\syscowad64v.sys [164848 2010-05-23] (Sonic Solutions)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-02-07] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-02-07] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-02-07] (Acronis International GmbH)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-10 12:16 - 2014-03-10 12:17 - 00000000 ____D () C:\Users\Steve\Desktop\Bleeping Tools
2014-03-10 12:15 - 2014-03-10 12:17 - 00000000 ____D () C:\FRST
2014-03-10 12:12 - 2014-03-10 12:12 - 00000315 _____ () C:\Users\Steve\Desktop\Numerous instances of dllhost.exe .32 com surrogate running - Virus, Trojan, Spyware, and Malware Removal Logs.URL
2014-03-09 12:22 - 2014-03-09 12:22 - 00004422 _____ () C:\Windows\system32\.crusader
2014-03-09 11:42 - 2014-03-09 11:42 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-03-09 11:40 - 2014-03-09 12:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-09 11:40 - 2014-03-09 11:42 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-09 11:09 - 2014-03-09 11:09 - 02947139 _____ () C:\Users\Steve\Downloads\O15CTRRemove.diagcab
2014-03-09 10:41 - 2014-03-09 10:46 - 00002872 _____ () C:\Users\Steve\Desktop\Rkill.txt
2014-03-09 10:38 - 2014-03-09 10:38 - 00002124 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-03-09 10:38 - 2014-03-09 10:38 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-03-09 10:37 - 2014-03-09 10:37 - 03185096 _____ () C:\Users\Steve\Downloads\advisorinstaller.exe
2014-03-07 21:18 - 2014-03-07 21:19 - 10768800 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7440.exe
2014-03-05 13:16 - 2014-03-05 13:16 - 00000876 _____ () C:\Users\Steve\Desktop\Activation Helper v1.5 x64.exe - Shortcut.lnk
2014-03-05 12:56 - 2014-03-09 12:48 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-01 16:19 - 2014-03-02 11:37 - 00000000 ____D () C:\pictures from f drive
2014-03-01 16:14 - 2014-03-01 16:14 - 00001349 _____ () C:\Users\Steve\Desktop\Anti-CryptorBit v2.exe - Shortcut.lnk
2014-03-01 14:00 - 2014-03-01 14:00 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-01 14:00 - 2014-03-01 14:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-01 14:00 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-01 13:43 - 2014-03-01 13:43 - 00000000 ____D () C:\Users\Steve\AppData\Local\Norman Malware Cleaner
2014-02-28 14:13 - 2014-03-09 12:48 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-02-26 13:44 - 2014-02-26 13:44 - 00000000 ____D () C:\Users\Steve\AppData\Local\Power2Go
2014-02-26 13:08 - 2014-03-09 13:11 - 00000344 _____ () C:\Windows\lgfwup.ini
2014-02-26 13:08 - 2014-02-26 13:08 - 00000000 ____D () C:\Program Files (x86)\USBFast
2014-02-26 13:07 - 2014-03-09 13:12 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-02-26 13:07 - 2012-07-11 14:18 - 00023664 _____ (BitLeader) C:\Windows\SysWOW64\lgfwunis.exe
2014-02-26 13:07 - 2001-08-29 22:00 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.tlb
2014-02-26 13:07 - 1998-07-22 01:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll
2014-02-26 13:07 - 1998-07-22 01:00 - 00102160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6KO.DLL
2014-02-26 13:07 - 1998-06-24 01:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2014-02-26 13:02 - 2014-02-26 13:09 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-02-26 13:02 - 2014-02-26 13:02 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\CyberLink
2014-02-26 13:01 - 2014-02-26 13:01 - 10761760 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7436.exe
2014-02-26 12:58 - 2014-02-26 12:58 - 00000000 ____D () C:\Users\Steve\AppData\Local\Cyberlink
2014-02-26 12:55 - 2014-02-26 13:09 - 00000000 ____D () C:\ProgramData\install_clap
2014-02-26 12:50 - 2014-02-26 13:08 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-02-26 12:50 - 2014-02-26 12:53 - 00002050 _____ () C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
2014-02-26 12:50 - 2014-02-26 12:51 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-26 12:50 - 2014-02-26 12:50 - 00000000 ____D () C:\ProgramData\CLSK
2014-02-24 14:09 - 2014-02-24 14:09 - 00001889 _____ () C:\Users\Steve\Desktop\ShadowExplorer.lnk
2014-02-24 14:09 - 2014-02-24 14:09 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\www.shadowexplorer.com
2014-02-24 14:09 - 2014-02-24 14:09 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-02-24 13:27 - 2014-02-25 19:11 - 00000000 ____D () C:\avast! sandbox
2014-02-23 14:31 - 2014-02-23 14:31 - 00001430 _____ () C:\Users\Steve\Desktop\rkill64.exe - Shortcut.lnk
2014-02-23 14:12 - 2014-02-23 21:28 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-02-23 14:12 - 2014-01-22 10:52 - 00131232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2014-02-23 14:11 - 2014-02-23 21:37 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-23 14:08 - 2014-02-25 19:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-23 13:07 - 2014-02-23 13:07 - 04703595 _____ () C:\Users\Steve\Downloads\Anti-CryptorBit.zip
2014-02-23 13:06 - 2014-02-23 13:06 - 05081128 _____ (Microsoft) C:\Users\Steve\Downloads\Anti-CryptorBit.exe
2014-02-22 15:27 - 2014-02-22 15:27 - 00001304 _____ () C:\Users\Steve\Desktop\Jellybean.txt - Shortcut.lnk
2014-02-21 03:26 - 2014-03-01 16:10 - 00000073 _____ () C:\Windows\EurekaLog.ini
2014-02-21 03:01 - 2014-02-21 03:01 - 00001468 _____ () C:\Users\Steve\Desktop\BDRB.exe - Shortcut.lnk
2014-02-21 00:36 - 2014-03-07 21:20 - 00021504 ___SH () C:\Users\Steve\Thumbs.db
2014-02-20 14:33 - 2014-02-20 14:33 - 00001203 _____ () C:\Users\Public\Desktop\CloneDVD2.lnk
2014-02-19 09:56 - 2014-02-20 23:52 - 00000000 ____D () C:\ProgramData\sjdofx
2014-02-19 08:16 - 2014-02-19 08:16 - 00001331 _____ () C:\Users\UpdatusUser\HOWDECRYPT.HTM
2014-02-19 08:16 - 2014-02-19 08:16 - 00001069 _____ () C:\Users\UpdatusUser\HOWDECRYPT.TXT
2014-02-19 08:09 - 2014-02-19 08:09 - 00001331 _____ () C:\Users\Steve\Downloads\HOWDECRYPT.HTM
2014-02-19 08:09 - 2014-02-19 08:09 - 00001331 _____ () C:\Users\Steve\Documents\HOWDECRYPT.HTM
2014-02-19 08:09 - 2014-02-19 08:09 - 00001069 _____ () C:\Users\Steve\Downloads\HOWDECRYPT.TXT
2014-02-19 08:09 - 2014-02-19 08:09 - 00001069 _____ () C:\Users\Steve\Documents\HOWDECRYPT.TXT
2014-02-19 07:10 - 2014-02-19 07:10 - 00001331 _____ () C:\Users\Steve\AppData\Local\HOWDECRYPT.HTM
2014-02-19 07:10 - 2014-02-19 07:10 - 00001069 _____ () C:\Users\Steve\AppData\Local\HOWDECRYPT.TXT
2014-02-19 07:09 - 2014-02-19 07:09 - 00001331 _____ () C:\Users\Steve\HOWDECRYPT.HTM
2014-02-19 07:09 - 2014-02-19 07:09 - 00001331 _____ () C:\Users\Default\HOWDECRYPT.HTM
2014-02-19 07:09 - 2014-02-19 07:09 - 00001069 _____ () C:\Users\Steve\HOWDECRYPT.TXT
2014-02-19 07:09 - 2014-02-19 07:09 - 00001069 _____ () C:\Users\Default\HOWDECRYPT.TXT
2014-02-19 06:48 - 2014-02-19 12:56 - 00000000 ____D () C:\ProgramData\fst
2014-02-18 19:09 - 2014-02-18 19:09 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\18723
2014-02-18 11:36 - 2014-02-18 11:36 - 10687368 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7431.exe
2014-02-17 15:34 - 2014-02-17 15:34 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill64.exe
2014-02-17 15:33 - 2014-02-17 15:35 - 00001096 _____ () C:\Users\Steve\Desktop\Continue Zip Opener Installation.lnk
2014-02-16 20:33 - 2014-02-16 20:33 - 00000000 _____ () C:\Program Files (x86)\moz_update_in_progress.lock
2014-02-16 18:26 - 2014-02-16 18:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 11:31 - 2014-02-15 11:31 - 00138664 _____ (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
2014-02-15 11:31 - 2014-02-15 11:31 - 00138664 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys
2014-02-15 03:53 - 2014-02-15 03:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-15 03:52 - 2014-02-15 03:52 - 00000000 ____D () C:\Users\Steve\AppData\Local\SearchProtect
2014-02-13 15:51 - 2014-02-13 15:52 - 10681688 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7430.exe
2014-02-13 11:12 - 2014-02-13 11:12 - 00000000 ____D () C:\Users\Default\Impostazioni locali
2014-02-12 14:54 - 2014-02-13 10:59 - 00000000 ____D () C:\Windows\pss
2014-02-10 14:45 - 2014-02-10 14:45 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2014-02-10 14:03 - 2014-02-10 14:03 - 00000000 _____ () C:\autoexec.bat
2014-02-10 14:02 - 2014-02-10 14:02 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-02-10 14:00 - 2014-02-13 15:35 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-02-10 13:40 - 2014-02-19 08:09 - 67846152 _____ () C:\Users\Steve\Downloads\C-41654290SH.rar.part
2014-02-09 13:25 - 2014-03-09 12:47 - 00021044 _____ () C:\Windows\k-mania.Ini
2014-02-09 13:25 - 2014-02-09 13:30 - 00000000 ____D () C:\Program Files (x86)\Kleptomania
2014-02-09 13:25 - 2014-02-09 13:25 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kleptomania
2014-02-08 15:24 - 2014-02-08 15:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill.exe
2014-02-08 15:22 - 2014-02-08 15:22 - 01166132 _____ () C:\Users\Steve\Downloads\AdwCleaner.exe
2014-02-08 15:18 - 2014-02-08 15:18 - 06346448 _____ (PC Cleaners) C:\Users\Steve\Downloads\app3_eng.exe
2014-02-08 15:10 - 2014-02-08 15:10 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Malwarebytes
2014-02-08 14:52 - 2014-02-08 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes

==================== One Month Modified Files and Folders =======

2014-03-10 12:17 - 2014-03-10 12:16 - 00000000 ____D () C:\Users\Steve\Desktop\Bleeping Tools
2014-03-10 12:17 - 2014-03-10 12:15 - 00000000 ____D () C:\FRST
2014-03-10 12:15 - 2013-04-08 13:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 12:12 - 2014-03-10 12:12 - 00000315 _____ () C:\Users\Steve\Desktop\Numerous instances of dllhost.exe .32 com surrogate running - Virus, Trojan, Spyware, and Malware Removal Logs.URL
2014-03-10 12:07 - 2013-04-05 14:21 - 00000000 _____ () C:\Windows\Path.idx
2014-03-09 14:27 - 2009-07-14 01:13 - 00730210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-09 13:12 - 2014-02-26 13:07 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-03-09 13:11 - 2014-02-26 13:08 - 00000344 _____ () C:\Windows\lgfwup.ini
2014-03-09 12:53 - 2009-07-14 00:45 - 00033936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 12:53 - 2009-07-14 00:45 - 00033936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 12:49 - 2013-04-05 14:16 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-03-09 12:48 - 2014-03-05 12:56 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-09 12:48 - 2014-02-28 14:13 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-09 12:47 - 2014-02-09 13:25 - 00021044 _____ () C:\Windows\k-mania.Ini
2014-03-09 12:47 - 2013-04-13 02:03 - 00000374 ____H () C:\Windows\Tasks\MagniPicUpdaterTask{F95C8B83-165A-429B-89DD-44493389DDC4}.job
2014-03-09 12:46 - 2013-04-05 13:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-09 12:46 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 12:46 - 2009-07-14 00:51 - 00048058 _____ () C:\Windows\setupact.log
2014-03-09 12:30 - 2014-03-09 11:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-09 12:22 - 2014-03-09 12:22 - 00004422 _____ () C:\Windows\system32\.crusader
2014-03-09 11:42 - 2014-03-09 11:42 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-03-09 11:42 - 2014-03-09 11:40 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-09 11:09 - 2014-03-09 11:09 - 02947139 _____ () C:\Users\Steve\Downloads\O15CTRRemove.diagcab
2014-03-09 10:53 - 2013-04-06 01:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-09 10:46 - 2014-03-09 10:41 - 00002872 _____ () C:\Users\Steve\Desktop\Rkill.txt
2014-03-09 10:38 - 2014-03-09 10:38 - 00002124 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-03-09 10:38 - 2014-03-09 10:38 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-03-09 10:37 - 2014-03-09 10:37 - 03185096 _____ () C:\Users\Steve\Downloads\advisorinstaller.exe
2014-03-07 21:20 - 2014-02-21 00:36 - 00021504 ___SH () C:\Users\Steve\Thumbs.db
2014-03-07 21:20 - 2013-04-05 17:41 - 00001105 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-03-07 21:19 - 2014-03-07 21:18 - 10768800 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7440.exe
2014-03-05 13:16 - 2014-03-05 13:16 - 00000876 _____ () C:\Users\Steve\Desktop\Activation Helper v1.5 x64.exe - Shortcut.lnk
2014-03-05 13:09 - 2013-04-17 12:07 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-03-05 12:57 - 2013-04-17 12:08 - 00000000 ____D () C:\Windows\AutoKMS
2014-03-04 13:22 - 2013-06-24 12:26 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\dvdcss
2014-03-04 13:22 - 2013-04-07 14:12 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc
2014-03-04 12:26 - 2013-04-05 17:51 - 00000125 ___SH () C:\ProgramData\.zreglib
2014-03-03 19:13 - 2010-11-20 23:47 - 00857888 _____ () C:\Windows\PFRO.log
2014-03-02 11:37 - 2014-03-01 16:19 - 00000000 ____D () C:\pictures from f drive
2014-03-02 10:02 - 2013-12-21 15:21 - 00308352 _____ () C:\Users\Steve\AppData\Local\rx_audio.Cache
2014-03-01 16:18 - 2014-02-05 22:47 - 00000085 _____ () C:\Windows\system32\mfzy.hnp
2014-03-01 16:14 - 2014-03-01 16:14 - 00001349 _____ () C:\Users\Steve\Desktop\Anti-CryptorBit v2.exe - Shortcut.lnk
2014-03-01 16:10 - 2014-02-21 03:26 - 00000073 _____ () C:\Windows\EurekaLog.ini
2014-03-01 16:10 - 2013-08-31 01:36 - 00000000 ____D () C:\Program Files (x86)\AllMyMovies
2014-03-01 14:00 - 2014-03-01 14:00 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-01 14:00 - 2014-03-01 14:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-01 13:43 - 2014-03-01 13:43 - 00000000 ____D () C:\Users\Steve\AppData\Local\Norman Malware Cleaner
2014-02-26 13:44 - 2014-02-26 13:44 - 00000000 ____D () C:\Users\Steve\AppData\Local\Power2Go
2014-02-26 13:44 - 2013-04-05 13:16 - 00176000 _____ () C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-26 13:43 - 2009-07-14 00:45 - 00588960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-26 13:09 - 2014-02-26 13:02 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-02-26 13:09 - 2014-02-26 12:55 - 00000000 ____D () C:\ProgramData\install_clap
2014-02-26 13:09 - 2013-09-07 13:20 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-02-26 13:09 - 2013-09-07 13:20 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-02-26 13:09 - 2013-04-05 13:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-26 13:08 - 2014-02-26 13:08 - 00000000 ____D () C:\Program Files (x86)\USBFast
2014-02-26 13:08 - 2014-02-26 12:50 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-02-26 13:02 - 2014-02-26 13:02 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\CyberLink
2014-02-26 13:01 - 2014-02-26 13:01 - 10761760 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7436.exe
2014-02-26 12:58 - 2014-02-26 12:58 - 00000000 ____D () C:\Users\Steve\AppData\Local\Cyberlink
2014-02-26 12:53 - 2014-02-26 12:50 - 00002050 _____ () C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
2014-02-26 12:51 - 2014-02-26 12:50 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-26 12:50 - 2014-02-26 12:50 - 00000000 ____D () C:\ProgramData\CLSK
2014-02-25 19:11 - 2014-02-24 13:27 - 00000000 ____D () C:\avast! sandbox
2014-02-25 19:11 - 2014-02-23 14:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-24 14:09 - 2014-02-24 14:09 - 00001889 _____ () C:\Users\Steve\Desktop\ShadowExplorer.lnk
2014-02-24 14:09 - 2014-02-24 14:09 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\www.shadowexplorer.com
2014-02-24 14:09 - 2014-02-24 14:09 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-02-24 14:09 - 2013-04-05 17:35 - 00000000 ____D () C:\Steve
2014-02-24 13:46 - 2013-04-05 15:42 - 23644245 _____ () C:\Windows\WindowsUpdate.log
2014-02-24 13:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-24 11:45 - 2013-04-05 13:36 - 00000000 ____D () C:\Users\Steve\AppData\Local\Akamai
2014-02-24 10:08 - 2014-01-28 22:51 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
2014-02-24 10:08 - 2014-01-28 22:51 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
2014-02-24 10:08 - 2013-05-03 22:49 - 00000000 ____D () C:\Program Files (x86)\DnsBasic
2014-02-23 21:37 - 2014-02-23 14:11 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-23 21:28 - 2014-02-23 14:12 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-02-23 14:31 - 2014-02-23 14:31 - 00001430 _____ () C:\Users\Steve\Desktop\rkill64.exe - Shortcut.lnk
2014-02-23 13:07 - 2014-02-23 13:07 - 04703595 _____ () C:\Users\Steve\Downloads\Anti-CryptorBit.zip
2014-02-23 13:06 - 2014-02-23 13:06 - 05081128 _____ (Microsoft) C:\Users\Steve\Downloads\Anti-CryptorBit.exe
2014-02-23 11:45 - 2013-04-13 01:48 - 00000000 ____D () C:\Program Files (x86)\MagniPic
2014-02-22 15:27 - 2014-02-22 15:27 - 00001304 _____ () C:\Users\Steve\Desktop\Jellybean.txt - Shortcut.lnk
2014-02-22 15:19 - 2014-02-06 14:22 - 00000000 ____D () C:\ProgramData\Acronis
2014-02-21 04:36 - 2013-06-17 14:03 - 00000000 ____D () C:\Program Files (x86)\Weather Watcher Live
2014-02-21 04:32 - 2013-06-17 14:04 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\WeatherWatcherLive
2014-02-21 03:23 - 2014-01-20 14:31 - 00000000 ____D () C:\Rainee
2014-02-21 03:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-21 03:01 - 2014-02-21 03:01 - 00001468 _____ () C:\Users\Steve\Desktop\BDRB.exe - Shortcut.lnk
2014-02-21 03:01 - 2013-04-05 21:15 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-02-21 02:56 - 2013-04-05 21:04 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-02-21 00:36 - 2013-04-05 12:56 - 00000000 ____D () C:\Users\Steve
2014-02-20 23:53 - 2013-04-12 09:06 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-20 23:53 - 2010-11-21 03:17 - 00000000 ____D () C:\Windows\ShellNew
2014-02-20 23:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-02-20 23:53 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-20 23:52 - 2014-02-19 09:56 - 00000000 ____D () C:\ProgramData\sjdofx
2014-02-20 15:45 - 2013-04-05 17:47 - 00000000 ____D () C:\Program Files (x86)\FlashFXP 4
2014-02-20 14:33 - 2014-02-20 14:33 - 00001203 _____ () C:\Users\Public\Desktop\CloneDVD2.lnk
2014-02-20 14:33 - 2013-04-05 19:48 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-02-19 12:56 - 2014-02-19 06:48 - 00000000 ____D () C:\ProgramData\fst
2014-02-19 09:05 - 2014-02-04 12:20 - 00000000 __HDC () C:\ProgramData\{1D26C5A0-32ED-4A2F-996D-A31EF7CD305F}
2014-02-19 09:05 - 2013-06-13 19:07 - 00000000 ____D () C:\ProgramData\sAAffe  siave
2014-02-19 09:05 - 2013-04-13 16:20 - 00000000 ____D () C:\ProgramData\Roxio
2014-02-19 09:05 - 2013-04-13 01:48 - 00000000 ____D () C:\ProgramData\MuaGGnniPuic
2014-02-19 09:04 - 2013-04-05 21:56 - 00000000 ____D () C:\ProgramData\AllMyMovies
2014-02-19 08:16 - 2014-02-19 08:16 - 00001331 _____ () C:\Users\UpdatusUser\HOWDECRYPT.HTM
2014-02-19 08:16 - 2014-02-19 08:16 - 00001069 _____ () C:\Users\UpdatusUser\HOWDECRYPT.TXT
2014-02-19 08:09 - 2014-02-19 08:09 - 00001331 _____ () C:\Users\Steve\Downloads\HOWDECRYPT.HTM
2014-02-19 08:09 - 2014-02-19 08:09 - 00001331 _____ () C:\Users\Steve\Documents\HOWDECRYPT.HTM
2014-02-19 08:09 - 2014-02-19 08:09 - 00001069 _____ () C:\Users\Steve\Downloads\HOWDECRYPT.TXT
2014-02-19 08:09 - 2014-02-19 08:09 - 00001069 _____ () C:\Users\Steve\Documents\HOWDECRYPT.TXT
2014-02-19 08:09 - 2014-02-10 13:40 - 67846152 _____ () C:\Users\Steve\Downloads\C-41654290SH.rar.part
2014-02-19 08:09 - 2014-01-24 11:45 - 00453636 _____ () C:\Users\Steve\Downloads\Morel080213.pdfbad
2014-02-19 08:09 - 2014-01-22 15:49 - 00132162 _____ () C:\Users\Steve\Documents\New Photo Print.el6
2014-02-19 08:09 - 2014-01-22 14:56 - 12710724 _____ () C:\Users\Steve\Documents\jrs.get well.hmk
2014-02-19 08:09 - 2014-01-22 13:46 - 01883446 _____ () C:\Users\Steve\Documents\olivia's birthday card.hmk
2014-02-19 08:09 - 2014-01-12 20:14 - 00013629 _____ () C:\Users\Steve\Desktop\001.JPG - Shortcut.lnk
2014-02-19 08:09 - 2013-11-10 23:09 - 23123403 _____ () C:\Users\Steve\Downloads\BLURRED LINES LINEDANCE INSTRUCTIONAL -DENVER.mp4
2014-02-19 08:09 - 2013-11-02 17:51 - 00011140 _____ () C:\Users\Steve\Desktop\danielles wedding.xlsx
2014-02-19 08:09 - 2013-10-31 16:36 - 00128604 _____ () C:\Users\Steve\Downloads\IMG_210100918579833.jpeg
2014-02-19 08:09 - 2013-10-31 16:36 - 00128604 _____ () C:\Users\Steve\Downloads\IMG_210100918579833(1).jpeg
2014-02-19 08:09 - 2013-08-31 14:24 - 16474370 _____ () C:\Users\Steve\Downloads\All.My.Movies.7.6.1413.rar
2014-02-19 08:09 - 2013-08-26 14:26 - 331963115 _____ () C:\Users\Steve\Downloads\CorePaintShoP5.15308(1).rar
2014-02-19 08:09 - 2013-08-21 13:07 - 17507370 _____ () C:\Users\Steve\Downloads\Level 1.5 8-20-13 sonrisa.mp4
2014-02-19 08:09 - 2013-08-18 13:46 - 00000000 ____D () C:\Users\Steve\Documents\Roxio Projects
2014-02-19 08:09 - 2013-07-23 13:26 - 00000000 ____D () C:\Users\Steve\Desktop\Old Firefox Data
2014-02-19 08:09 - 2013-07-07 20:48 - 05582865 _____ () C:\Users\Steve\Documents\masons birthday.hmk
2014-02-19 08:09 - 2013-07-06 13:35 - 00873876 _____ () C:\Users\Steve\Downloads\westgate_town_center.pdfbad
2014-02-19 08:09 - 2013-06-22 19:41 - 14299277 _____ () C:\Users\Steve\Documents\maddie new birth.hmk
2014-02-19 08:09 - 2013-06-14 01:21 - 21448018 _____ () C:\Users\Steve\Downloads\Steve and sonrisa practice.mp4
2014-02-19 08:09 - 2013-06-13 21:57 - 05000181 _____ () C:\Users\Steve\Documents\maddies birthday card.hmk
2014-02-19 08:09 - 2013-05-27 21:23 - 42829833 _____ () C:\Users\Steve\Downloads\DVD0Fab9042.rar
2014-02-19 08:09 - 2013-05-04 01:20 - 02018060 _____ () C:\Users\Steve\Downloads\WH08LS20_200%28ew%29.zip
2014-02-19 08:09 - 2013-04-19 21:30 - 69286154 _____ () C:\Users\Steve\Downloads\photoeditor6313.rar
2014-02-19 08:09 - 2013-04-15 12:35 - 35705991 _____ () C:\Users\Steve\Downloads\MSTTK.rar
2014-02-19 08:09 - 2013-04-14 13:04 - 00000000 ____D () C:\Users\Steve\Downloads\Kleptomania.2.6.crack
2014-02-19 08:09 - 2013-04-14 12:56 - 00071669 _____ () C:\Users\Steve\Downloads\Kleptomania_2.6.zip
2014-02-19 08:09 - 2013-04-13 16:53 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Roxio
2014-02-19 08:09 - 2013-04-13 12:49 - 28920112 _____ () C:\Users\Steve\Downloads\KN10.0.rar
2014-02-19 08:09 - 2013-04-08 09:28 - 00000000 ____D () C:\Users\Steve\Documents\DVDFab9
2014-02-19 08:06 - 2014-01-22 15:57 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\ImageFix_268298
2014-02-19 08:06 - 2014-01-22 15:32 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\ImageFix_594308
2014-02-19 08:06 - 2014-01-22 15:26 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\ImageFix_7475148
2014-02-19 08:06 - 2013-05-17 01:52 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Dropbox
2014-02-19 08:06 - 2013-04-06 12:36 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\bpftpserver-2011
2014-02-19 07:30 - 2013-04-06 01:11 - 00000000 ____D () C:\Users\Steve\AppData\Local\Microsoft Help
2014-02-19 07:10 - 2014-02-19 07:10 - 00001331 _____ () C:\Users\Steve\AppData\Local\HOWDECRYPT.HTM
2014-02-19 07:10 - 2014-02-19 07:10 - 00001069 _____ () C:\Users\Steve\AppData\Local\HOWDECRYPT.TXT
2014-02-19 07:10 - 2013-08-25 13:42 - 00000000 ____D () C:\Users\Steve\2013-08-25
2014-02-19 07:10 - 2013-08-21 21:26 - 00000000 ____D () C:\Users\Steve\2013-08-21
2014-02-19 07:10 - 2013-08-18 13:26 - 06158256 _____ () C:\Users\Steve\AppData\Local\rx_image32.Cache
2014-02-19 07:10 - 2013-08-15 09:59 - 00000000 ____D () C:\Users\Steve\2013-08-15
2014-02-19 07:09 - 2014-02-19 07:09 - 00001331 _____ () C:\Users\Steve\HOWDECRYPT.HTM
2014-02-19 07:09 - 2014-02-19 07:09 - 00001331 _____ () C:\Users\Default\HOWDECRYPT.HTM
2014-02-19 07:09 - 2014-02-19 07:09 - 00001069 _____ () C:\Users\Steve\HOWDECRYPT.TXT
2014-02-19 07:09 - 2014-02-19 07:09 - 00001069 _____ () C:\Users\Default\HOWDECRYPT.TXT
2014-02-19 07:09 - 2013-08-02 20:56 - 00000000 ____D () C:\Users\Steve\2013-08-02
2014-02-19 07:09 - 2013-06-23 17:03 - 00000000 ____D () C:\Users\Steve\2013-06-23
2014-02-19 07:09 - 2013-06-15 12:33 - 00000000 ____D () C:\Users\Steve\2013-06-15 front yard
2014-02-19 07:09 - 2013-05-16 17:05 - 00000000 ____D () C:\Users\Public\Documents\Verizon_Android
2014-02-19 07:09 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-02-19 07:00 - 2014-01-30 22:44 - 00032738 _____ () C:\install.log
2014-02-19 07:00 - 2013-04-05 13:27 - 00171648 _____ () C:\grldr.bak
2014-02-19 07:00 - 2007-11-07 09:12 - 00233472 _____ () C:\VC_RED.MSI
2014-02-19 07:00 - 2007-11-07 09:09 - 01443034 _____ () C:\VC_RED.cab
2014-02-19 07:00 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.3082.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.2052.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.1042.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.1040.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.1036.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.1031.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.1028.txt
2014-02-18 19:09 - 2014-02-18 19:09 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\18723
2014-02-18 11:36 - 2014-02-18 11:36 - 10687368 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7431.exe
2014-02-17 15:35 - 2014-02-17 15:33 - 00001096 _____ () C:\Users\Steve\Desktop\Continue Zip Opener Installation.lnk
2014-02-17 15:34 - 2014-02-17 15:34 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill64.exe
2014-02-17 13:15 - 2013-04-08 13:24 - 00000000 ____D () C:\Users\Steve\Documents\TurboTax
2014-02-17 11:12 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-16 20:33 - 2014-02-16 20:33 - 00000000 _____ () C:\Program Files (x86)\moz_update_in_progress.lock
2014-02-16 18:26 - 2014-02-16 18:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 11:31 - 2014-02-15 11:31 - 00138664 _____ (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
2014-02-15 11:31 - 2014-02-15 11:31 - 00138664 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys
2014-02-15 03:53 - 2014-02-15 03:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-15 03:52 - 2014-02-15 03:52 - 00000000 ____D () C:\Users\Steve\AppData\Local\SearchProtect
2014-02-15 03:52 - 2013-08-13 13:00 - 00000000 _____ () C:\END
2014-02-13 20:30 - 2013-04-13 16:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-13 15:52 - 2014-02-13 15:51 - 10681688 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7430.exe
2014-02-13 15:35 - 2014-02-10 14:00 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-02-13 15:35 - 2013-04-07 13:26 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-13 11:12 - 2014-02-13 11:12 - 00000000 ____D () C:\Users\Default\Impostazioni locali
2014-02-13 10:59 - 2014-02-12 14:54 - 00000000 ____D () C:\Windows\pss
2014-02-12 14:44 - 2013-05-16 17:07 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Verizon
2014-02-10 14:45 - 2014-02-10 14:45 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2014-02-10 14:03 - 2014-02-10 14:03 - 00000000 _____ () C:\autoexec.bat
2014-02-10 14:02 - 2014-02-10 14:02 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-02-09 13:32 - 2013-04-14 12:58 - 00069632 _____ () C:\Windows\SysWOW64\BASSMOD.dll
2014-02-09 13:30 - 2014-02-09 13:25 - 00000000 ____D () C:\Program Files (x86)\Kleptomania
2014-02-09 13:25 - 2014-02-09 13:25 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kleptomania
2014-02-09 13:25 - 2009-07-13 22:34 - 00000279 _____ () C:\Windows\system.ini
2014-02-08 19:15 - 2013-04-15 21:22 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\BabSolution
2014-02-08 19:05 - 2014-02-07 16:15 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Ublamy
2014-02-08 19:05 - 2014-02-05 14:18 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Ygqyzaby
2014-02-08 19:05 - 2014-02-02 01:31 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Kigysuny
2014-02-08 19:05 - 2013-04-09 20:37 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Orizt
2014-02-08 15:54 - 2013-06-19 01:48 - 00000000 ____D () C:\Windows\SysWOW64\WNLT
2014-02-08 15:54 - 2013-05-03 22:49 - 00000000 ____D () C:\ProgramData\DnsBasic
2014-02-08 15:54 - 2013-04-06 13:24 - 00000000 ____D () C:\Program Files (x86)\SweetIM
2014-02-08 15:44 - 2014-01-28 22:51 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
2014-02-08 15:44 - 2013-04-08 09:28 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\NVIDIA
2014-02-08 15:44 - 2013-04-05 19:50 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Adobe
2014-02-08 15:24 - 2014-02-08 15:24 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill.exe
2014-02-08 15:22 - 2014-02-08 15:22 - 01166132 _____ () C:\Users\Steve\Downloads\AdwCleaner.exe
2014-02-08 15:18 - 2014-02-08 15:18 - 06346448 _____ (PC Cleaners) C:\Users\Steve\Downloads\app3_eng.exe
2014-02-08 15:10 - 2014-02-08 15:10 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Malwarebytes
2014-02-08 14:52 - 2014-02-08 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes

Files to move or delete:
====================
C:\ProgramData\PKP_DLbx.DAT


Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\6_Offer_20.exe
C:\Users\Steve\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Steve\AppData\Local\Temp\AcsInstall.dll
C:\Users\Steve\AppData\Local\Temp\bassmod.dll
C:\Users\Steve\AppData\Local\Temp\DivXSetup.exe
C:\Users\Steve\AppData\Local\Temp\Execute2App.exe
C:\Users\Steve\AppData\Local\Temp\FlashFXP44_2026_Setup.exe
C:\Users\Steve\AppData\Local\Temp\FlashFXP44_2031_Setup.exe
C:\Users\Steve\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Steve\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Steve\AppData\Local\Temp\K-MDel.exe
C:\Users\Steve\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Steve\AppData\Local\Temp\msvcp90.dll
C:\Users\Steve\AppData\Local\Temp\msvcr90.dll
C:\Users\Steve\AppData\Local\Temp\ose00000.exe
C:\Users\Steve\AppData\Local\Temp\ose00001.exe
C:\Users\Steve\AppData\Local\Temp\PidGenX.dll
C:\Users\Steve\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\Steve\AppData\Local\Temp\SUABnRRemoveAll.exe
C:\Users\Steve\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Steve\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Steve\AppData\Local\Temp\winservice.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0512512 ____A (Microsoft Corporation) BCBD77B1E1CD6E19711A4B233EE5D318

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 00:44

==================== End Of Log ============================



#4 aharonov

Posted 10 March 2014 - 12:05 PM

  • Start FRST with Administrator privileges.
  • Write the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#5 e143slime8

  • Topic Starter


Posted 11 March 2014 - 03:23 AM

Tried this before I came to work this evening, seemed to hang up and then was getting Com Surrogate popups. Disconnected from internet for the night. Will try again when I get home this morning, thanks.



#6 aharonov

Posted 11 March 2014 - 07:03 AM

All right. If it still doesn't work you may try to run this scan in safe mode.



#7 e143slime8

Posted 11 March 2014 - 09:54 AM

Farbar Recovery Scan Tool (x64) Version: 09-03-2014 02
Ran by Steve at 2014-03-10 18:25:47
Running from C:\Users\Steve\Desktop\Bleeping Tools
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0512512 ____A (Microsoft Corporation) BCBD77B1E1CD6E19711A4B233EE5D318

====== End Of Search ======



#8 aharonov

Posted 11 March 2014 - 10:27 AM

Ok, well done! Let's continue:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button. Allow a reboot if requested.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2

  • Start FRST with Administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.

Edited by aharonov, 11 March 2014 - 10:28 AM.


#9 e143slime8

Posted 11 March 2014 - 12:18 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014 02
Ran by Steve (administrator) on STEVE-PC on 11-03-2014 13:04:49
Running from C:\Users\Steve\Desktop\Bleeping Tools
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(Secway) C:\Program Files (x86)\Secway\SimpPro 2.2\SimpPro.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Structu Rise) C:\Program Files (x86)\Kleptomania\k-mania.exe
(Akamai Technologies, Inc.) C:\Users\Steve\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Akamai Technologies, Inc.) C:\Users\Steve\AppData\Local\Akamai\netsession_win.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe
(Vitalwerks LLC) C:\Program Files (x86)\No-IP\DUC20.exe
() C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
() C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1391136322\ee\aolsoftware.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [ACPW06EN] - C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1234120 2012-12-17] (ACD Systems)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [293360 2011-07-13] (Rovi Corporation)
HKLM-x32\...\Run: [CPMonitor] - C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe [84464 2011-07-08] ()
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe [506352 2011-06-12] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [Kleptomania] - [X]
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805824 2013-10-24] (Acronis)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1391136322\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [AddressBookReminderApp] - C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013 Deluxe\ReminderApp.exe
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [223096 2012-04-17] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\babmaint.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\file scout\filescout.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\orizt\imohog.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\orizt\imohog.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\adobe\win15ac.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\lsass.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\nvidia\win4836.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\orizt\imohog.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\kigysuny\vaupug.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\adobe\win15ac.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\adobe\win15ac.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\lsass.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\ygqyzaby\tyucqu.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\ygqyzaby\tyucqu.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\niwiy.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\file scout\filescout.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\kigysuny\vaupug.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiyqf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\msaocsceh.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\file scout\filescout.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\etalb.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\xiyqf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\nvidia\win4836.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\ygqyzaby\tyucqu.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\kigysuny\vaupug.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\msaocsceh.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\ukqon.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\etalb.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ukqon.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\babmaint.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\lsass.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\babmaint.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\niwiy.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\nvidia\win4836.exe <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [93096 2014-03-11] (SlySoft, Inc.)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [Simp] - C:\Program Files (x86)\Secway\SimpPro 2.2\SimpPro.exe [629760 2009-03-13] (Secway)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [BulletProof FTP Server 2011 Startup] - C:\Program Files (x86)\BulletProof FTP Server 2011\bpftpserver-2011.exe [6848000 2012-03-28] (BulletProof Software LLC)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [WeatherWatcherLive] - "C:\Program Files (x86)\Weather Watcher Live\ww.exe"
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [Kleptomania] - C:\Program Files (x86)\Kleptomania\k-mania.exe [294912 2014-02-09] (Structu Rise)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Steve\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-04-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...\MountPoints2: {9ce235bd-f1c0-11e2-adc2-60a44c243c73} - S:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2815506177-3542503733-3789753090-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume4\Users\Steve\AppData\Local\Temp\stctqvi\spxkxce\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk
ShortcutTarget: No-IP DUC.lnk -> C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Steve\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Updater By SweetPacks - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586
FF user.js: detected! => C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\user.js
FF NewTab: hxxp://www.sweetpacks-search.com/?barid=&src=97&
FF DefaultSearchEngine: Sweetpacks Search
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Sweetpacks Search
FF Homepage: https://www.google.com/
FF Keyword.URL: hxxp://mysearch.sweetpacks.com?src=6&barid=&&st=23&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\searchplugins\MyStart.xml
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\searchplugins\Sweetpacks Search.xml
FF Extension: AOL Toolbar - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2014-01-30]
FF Extension: Windows Media Player WMEncFileSource Class - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\Extensions\{98610A01-C5DA-3D24-41D0-C65C8052500F} [2014-01-24]
FF Extension: SaveFrom.net helper - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n9y9fg2e.default-1374600355586\Extensions\helper@savefrom.net.xpi [2013-11-16]
FF Extension: DnsBasic - C:\Program Files (x86)\Mozilla Firefox\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} [2014-02-16]
FF Extension: DnsBasic - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} [2014-02-16]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-06-02]
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-13]
FF HKCU\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPDEDEF0CD-F737-4586-94DE-C953ABA6D203&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPDEDEF0CD-F737-4586-94DE-C953ABA6D203&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-14]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-14]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-14]
CHR Extension: (Updater By SweetPacks) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-06-19]
CHR Extension: (sAAffe  siave) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeadnkbobnhcgbgihaibncindoccjall [2013-06-13]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-06-06]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-04-14]
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2013-10-21]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2014-01-06]

==================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-04-05] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-04-05] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-04-05] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2013-04-05] (ASUSTeK Computer Inc.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [21488 2011-07-15] ()
S4 BOTService; C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [211440 2011-07-14] (Rovi Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-03-09] (SurfRight B.V.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-04-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095664 2011-07-13] (Rovi Corporation)
S2 RoxWatch12; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [340976 2011-07-13] (Rovi Corporation)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com)

==================== Drivers (Whitelisted) ====================

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 SysCow; C:\Windows\System32\drivers\syscowad64v.sys [164848 2010-05-23] (Sonic Solutions)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-02-07] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-02-07] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-02-07] (Acronis International GmbH)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-11 13:01 - 2014-03-11 13:01 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-03-11 10:57 - 2014-03-11 10:57 - 10786416 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7442.exe
2014-03-10 12:16 - 2014-03-11 13:04 - 00000000 ____D () C:\Users\Steve\Desktop\Bleeping Tools
2014-03-10 12:15 - 2014-03-11 13:04 - 00000000 ____D () C:\FRST
2014-03-10 12:12 - 2014-03-10 12:12 - 00000315 _____ () C:\Users\Steve\Desktop\Numerous instances of dllhost.exe .32 com surrogate running - Virus, Trojan, Spyware, and Malware Removal Logs.URL
2014-03-09 12:22 - 2014-03-09 12:22 - 00004422 _____ () C:\Windows\system32\.crusader
2014-03-09 11:42 - 2014-03-09 11:42 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-03-09 11:40 - 2014-03-09 12:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-09 11:40 - 2014-03-09 11:42 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-09 11:09 - 2014-03-09 11:09 - 02947139 _____ () C:\Users\Steve\Downloads\O15CTRRemove.diagcab
2014-03-09 10:41 - 2014-03-09 10:46 - 00002872 _____ () C:\Users\Steve\Desktop\Rkill.txt
2014-03-09 10:38 - 2014-03-09 10:38 - 00002124 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-03-09 10:38 - 2014-03-09 10:38 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-03-09 10:37 - 2014-03-09 10:37 - 03185096 _____ () C:\Users\Steve\Downloads\advisorinstaller.exe
2014-03-07 21:18 - 2014-03-07 21:19 - 10768800 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7440.exe
2014-03-05 13:16 - 2014-03-05 13:16 - 00000876 _____ () C:\Users\Steve\Desktop\Activation Helper v1.5 x64.exe - Shortcut.lnk
2014-03-05 12:56 - 2014-03-11 12:58 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-01 16:19 - 2014-03-02 11:37 - 00000000 ____D () C:\pictures from f drive
2014-03-01 16:14 - 2014-03-01 16:14 - 00001349 _____ () C:\Users\Steve\Desktop\Anti-CryptorBit v2.exe - Shortcut.lnk
2014-03-01 14:00 - 2014-03-01 14:00 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-01 14:00 - 2014-03-01 14:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-01 14:00 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-01 13:43 - 2014-03-01 13:43 - 00000000 ____D () C:\Users\Steve\AppData\Local\Norman Malware Cleaner
2014-02-28 14:13 - 2014-03-09 12:48 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-02-26 13:44 - 2014-02-26 13:44 - 00000000 ____D () C:\Users\Steve\AppData\Local\Power2Go
2014-02-26 13:08 - 2014-03-11 13:00 - 00000344 _____ () C:\Windows\lgfwup.ini
2014-02-26 13:08 - 2014-02-26 13:08 - 00000000 ____D () C:\Program Files (x86)\USBFast
2014-02-26 13:07 - 2014-03-11 13:00 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-02-26 13:07 - 2012-07-11 14:18 - 00023664 _____ (BitLeader) C:\Windows\SysWOW64\lgfwunis.exe
2014-02-26 13:07 - 2001-08-29 22:00 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.tlb
2014-02-26 13:07 - 1998-07-22 01:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll
2014-02-26 13:07 - 1998-07-22 01:00 - 00102160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6KO.DLL
2014-02-26 13:07 - 1998-06-24 01:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2014-02-26 13:02 - 2014-02-26 13:09 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-02-26 13:02 - 2014-02-26 13:02 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\CyberLink
2014-02-26 13:01 - 2014-02-26 13:01 - 10761760 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7436.exe
2014-02-26 12:58 - 2014-02-26 12:58 - 00000000 ____D () C:\Users\Steve\AppData\Local\Cyberlink
2014-02-26 12:55 - 2014-02-26 13:09 - 00000000 ____D () C:\ProgramData\install_clap
2014-02-26 12:50 - 2014-02-26 13:08 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-02-26 12:50 - 2014-02-26 12:53 - 00002050 _____ () C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
2014-02-26 12:50 - 2014-02-26 12:51 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-26 12:50 - 2014-02-26 12:50 - 00000000 ____D () C:\ProgramData\CLSK
2014-02-24 14:09 - 2014-02-24 14:09 - 00001889 _____ () C:\Users\Steve\Desktop\ShadowExplorer.lnk
2014-02-24 14:09 - 2014-02-24 14:09 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\www.shadowexplorer.com
2014-02-24 14:09 - 2014-02-24 14:09 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-02-24 13:27 - 2014-02-25 19:11 - 00000000 ____D () C:\avast! sandbox
2014-02-23 14:31 - 2014-02-23 14:31 - 00001430 _____ () C:\Users\Steve\Desktop\rkill64.exe - Shortcut.lnk
2014-02-23 14:12 - 2014-02-23 21:28 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-02-23 14:12 - 2014-01-22 10:52 - 00131232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2014-02-23 14:11 - 2014-02-23 21:37 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-23 14:08 - 2014-02-25 19:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-23 13:07 - 2014-02-23 13:07 - 04703595 _____ () C:\Users\Steve\Downloads\Anti-CryptorBit.zip
2014-02-23 13:06 - 2014-02-23 13:06 - 05081128 _____ (Microsoft) C:\Users\Steve\Downloads\Anti-CryptorBit.exe
2014-02-22 15:27 - 2014-02-22 15:27 - 00001304 _____ () C:\Users\Steve\Desktop\Jellybean.txt - Shortcut.lnk
2014-02-21 03:26 - 2014-03-01 16:10 - 00000073 _____ () C:\Windows\EurekaLog.ini
2014-02-21 03:01 - 2014-02-21 03:01 - 00001468 _____ () C:\Users\Steve\Desktop\BDRB.exe - Shortcut.lnk
2014-02-21 00:36 - 2014-03-07 21:20 - 00021504 ___SH () C:\Users\Steve\Thumbs.db
2014-02-20 14:33 - 2014-02-20 14:33 - 00001203 _____ () C:\Users\Public\Desktop\CloneDVD2.lnk
2014-02-19 09:56 - 2014-02-20 23:52 - 00000000 ____D () C:\ProgramData\sjdofx
2014-02-19 08:16 - 2014-02-19 08:16 - 00001331 _____ () C:\Users\UpdatusUser\HOWDECRYPT.HTM
2014-02-19 08:16 - 2014-02-19 08:16 - 00001069 _____ () C:\Users\UpdatusUser\HOWDECRYPT.TXT
2014-02-19 08:09 - 2014-02-19 08:09 - 00001331 _____ () C:\Users\Steve\Downloads\HOWDECRYPT.HTM
2014-02-19 08:09 - 2014-02-19 08:09 - 00001331 _____ () C:\Users\Steve\Documents\HOWDECRYPT.HTM
2014-02-19 08:09 - 2014-02-19 08:09 - 00001069 _____ () C:\Users\Steve\Downloads\HOWDECRYPT.TXT
2014-02-19 08:09 - 2014-02-19 08:09 - 00001069 _____ () C:\Users\Steve\Documents\HOWDECRYPT.TXT
2014-02-19 07:10 - 2014-02-19 07:10 - 00001331 _____ () C:\Users\Steve\AppData\Local\HOWDECRYPT.HTM
2014-02-19 07:10 - 2014-02-19 07:10 - 00001069 _____ () C:\Users\Steve\AppData\Local\HOWDECRYPT.TXT
2014-02-19 07:09 - 2014-02-19 07:09 - 00001331 _____ () C:\Users\Steve\HOWDECRYPT.HTM
2014-02-19 07:09 - 2014-02-19 07:09 - 00001331 _____ () C:\Users\Default\HOWDECRYPT.HTM
2014-02-19 07:09 - 2014-02-19 07:09 - 00001069 _____ () C:\Users\Steve\HOWDECRYPT.TXT
2014-02-19 07:09 - 2014-02-19 07:09 - 00001069 _____ () C:\Users\Default\HOWDECRYPT.TXT
2014-02-19 06:48 - 2014-02-19 12:56 - 00000000 ____D () C:\ProgramData\fst
2014-02-18 19:09 - 2014-02-18 19:09 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\18723
2014-02-18 11:36 - 2014-02-18 11:36 - 10687368 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7431.exe
2014-02-17 15:34 - 2014-02-17 15:34 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill64.exe
2014-02-17 15:33 - 2014-02-17 15:35 - 00001096 _____ () C:\Users\Steve\Desktop\Continue Zip Opener Installation.lnk
2014-02-16 20:33 - 2014-02-16 20:33 - 00000000 _____ () C:\Program Files (x86)\moz_update_in_progress.lock
2014-02-16 18:26 - 2014-02-16 18:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 11:31 - 2014-02-15 11:31 - 00138664 _____ (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
2014-02-15 11:31 - 2014-02-15 11:31 - 00138664 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys
2014-02-15 03:53 - 2014-02-15 03:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-15 03:52 - 2014-02-15 03:52 - 00000000 ____D () C:\Users\Steve\AppData\Local\SearchProtect
2014-02-13 15:51 - 2014-02-13 15:52 - 10681688 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7430.exe
2014-02-13 11:12 - 2014-02-13 11:12 - 00000000 ____D () C:\Users\Default\Impostazioni locali
2014-02-12 14:54 - 2014-02-13 10:59 - 00000000 ____D () C:\Windows\pss
2014-02-10 14:45 - 2014-02-10 14:45 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2014-02-10 14:03 - 2014-02-10 14:03 - 00000000 _____ () C:\autoexec.bat
2014-02-10 14:02 - 2014-02-10 14:02 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-02-10 14:00 - 2014-02-13 15:35 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-02-10 13:40 - 2014-02-19 08:09 - 67846152 _____ () C:\Users\Steve\Downloads\C-41654290SH.rar.part
2014-02-09 13:25 - 2014-03-11 13:00 - 00021045 _____ () C:\Windows\k-mania.Ini
2014-02-09 13:25 - 2014-02-09 13:30 - 00000000 ____D () C:\Program Files (x86)\Kleptomania
2014-02-09 13:25 - 2014-02-09 13:25 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kleptomania

==================== One Month Modified Files and Folders =======

2014-03-11 13:04 - 2014-03-10 12:16 - 00000000 ____D () C:\Users\Steve\Desktop\Bleeping Tools
2014-03-11 13:04 - 2014-03-10 12:15 - 00000000 ____D () C:\FRST
2014-03-11 13:03 - 2013-04-05 14:21 - 00000000 _____ () C:\Windows\Path.idx
2014-03-11 13:03 - 2009-07-14 00:45 - 00033936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 13:03 - 2009-07-14 00:45 - 00033936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 13:01 - 2014-03-11 13:01 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-03-11 13:00 - 2014-02-26 13:08 - 00000344 _____ () C:\Windows\lgfwup.ini
2014-03-11 13:00 - 2014-02-26 13:07 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-03-11 13:00 - 2014-02-09 13:25 - 00021045 _____ () C:\Windows\k-mania.Ini
2014-03-11 12:58 - 2014-03-05 12:56 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-11 12:58 - 2013-04-05 14:16 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-03-11 12:58 - 2013-04-05 13:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-11 12:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 12:58 - 2009-07-14 00:51 - 00048114 _____ () C:\Windows\setupact.log
2014-03-11 12:57 - 2010-11-20 23:47 - 00858228 _____ () C:\Windows\PFRO.log
2014-03-11 12:15 - 2013-04-08 13:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 11:49 - 2013-04-05 17:51 - 00000125 ___SH () C:\ProgramData\.zreglib
2014-03-11 10:58 - 2013-04-05 17:41 - 00001105 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-03-11 10:57 - 2014-03-11 10:57 - 10786416 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7442.exe
2014-03-10 12:48 - 2013-04-17 12:08 - 00000000 ____D () C:\Windows\AutoKMS
2014-03-10 12:42 - 2013-04-06 01:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-10 12:12 - 2014-03-10 12:12 - 00000315 _____ () C:\Users\Steve\Desktop\Numerous instances of dllhost.exe .32 com surrogate running - Virus, Trojan, Spyware, and Malware Removal Logs.URL
2014-03-09 14:27 - 2009-07-14 01:13 - 00730210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-09 12:48 - 2014-02-28 14:13 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-09 12:30 - 2014-03-09 11:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-09 12:22 - 2014-03-09 12:22 - 00004422 _____ () C:\Windows\system32\.crusader
2014-03-09 11:42 - 2014-03-09 11:42 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-03-09 11:42 - 2014-03-09 11:40 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-09 11:09 - 2014-03-09 11:09 - 02947139 _____ () C:\Users\Steve\Downloads\O15CTRRemove.diagcab
2014-03-09 10:46 - 2014-03-09 10:41 - 00002872 _____ () C:\Users\Steve\Desktop\Rkill.txt
2014-03-09 10:38 - 2014-03-09 10:38 - 00002124 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-03-09 10:38 - 2014-03-09 10:38 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-03-09 10:37 - 2014-03-09 10:37 - 03185096 _____ () C:\Users\Steve\Downloads\advisorinstaller.exe
2014-03-07 21:20 - 2014-02-21 00:36 - 00021504 ___SH () C:\Users\Steve\Thumbs.db
2014-03-07 21:19 - 2014-03-07 21:18 - 10768800 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7440.exe
2014-03-05 13:16 - 2014-03-05 13:16 - 00000876 _____ () C:\Users\Steve\Desktop\Activation Helper v1.5 x64.exe - Shortcut.lnk
2014-03-05 13:09 - 2013-04-17 12:07 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-03-04 13:22 - 2013-06-24 12:26 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\dvdcss
2014-03-04 13:22 - 2013-04-07 14:12 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc
2014-03-02 11:37 - 2014-03-01 16:19 - 00000000 ____D () C:\pictures from f drive
2014-03-02 10:02 - 2013-12-21 15:21 - 00308352 _____ () C:\Users\Steve\AppData\Local\rx_audio.Cache
2014-03-01 16:18 - 2014-02-05 22:47 - 00000085 _____ () C:\Windows\system32\mfzy.hnp
2014-03-01 16:14 - 2014-03-01 16:14 - 00001349 _____ () C:\Users\Steve\Desktop\Anti-CryptorBit v2.exe - Shortcut.lnk
2014-03-01 16:10 - 2014-02-21 03:26 - 00000073 _____ () C:\Windows\EurekaLog.ini
2014-03-01 16:10 - 2013-08-31 01:36 - 00000000 ____D () C:\Program Files (x86)\AllMyMovies
2014-03-01 14:00 - 2014-03-01 14:00 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-01 14:00 - 2014-03-01 14:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-01 13:43 - 2014-03-01 13:43 - 00000000 ____D () C:\Users\Steve\AppData\Local\Norman Malware Cleaner
2014-02-26 13:44 - 2014-02-26 13:44 - 00000000 ____D () C:\Users\Steve\AppData\Local\Power2Go
2014-02-26 13:44 - 2013-04-05 13:16 - 00176000 _____ () C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-26 13:43 - 2009-07-14 00:45 - 00588960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-26 13:09 - 2014-02-26 13:02 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-02-26 13:09 - 2014-02-26 12:55 - 00000000 ____D () C:\ProgramData\install_clap
2014-02-26 13:09 - 2013-09-07 13:20 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-02-26 13:09 - 2013-09-07 13:20 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-02-26 13:09 - 2013-04-05 13:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-26 13:08 - 2014-02-26 13:08 - 00000000 ____D () C:\Program Files (x86)\USBFast
2014-02-26 13:08 - 2014-02-26 12:50 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-02-26 13:02 - 2014-02-26 13:02 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\CyberLink
2014-02-26 13:01 - 2014-02-26 13:01 - 10761760 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7436.exe
2014-02-26 12:58 - 2014-02-26 12:58 - 00000000 ____D () C:\Users\Steve\AppData\Local\Cyberlink
2014-02-26 12:53 - 2014-02-26 12:50 - 00002050 _____ () C:\Users\Public\Desktop\CyberLink BD Advisor.lnk
2014-02-26 12:51 - 2014-02-26 12:50 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-26 12:50 - 2014-02-26 12:50 - 00000000 ____D () C:\ProgramData\CLSK
2014-02-25 19:11 - 2014-02-24 13:27 - 00000000 ____D () C:\avast! sandbox
2014-02-25 19:11 - 2014-02-23 14:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-24 14:09 - 2014-02-24 14:09 - 00001889 _____ () C:\Users\Steve\Desktop\ShadowExplorer.lnk
2014-02-24 14:09 - 2014-02-24 14:09 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\www.shadowexplorer.com
2014-02-24 14:09 - 2014-02-24 14:09 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2014-02-24 14:09 - 2013-04-05 17:35 - 00000000 ____D () C:\Steve
2014-02-24 13:46 - 2013-04-05 15:42 - 23644245 _____ () C:\Windows\WindowsUpdate.log
2014-02-24 13:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-24 11:45 - 2013-04-05 13:36 - 00000000 ____D () C:\Users\Steve\AppData\Local\Akamai
2014-02-24 10:08 - 2014-01-28 22:51 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
2014-02-24 10:08 - 2014-01-28 22:51 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
2014-02-24 10:08 - 2013-05-03 22:49 - 00000000 ____D () C:\Program Files (x86)\DnsBasic
2014-02-23 21:37 - 2014-02-23 14:11 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-23 21:28 - 2014-02-23 14:12 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-02-23 14:31 - 2014-02-23 14:31 - 00001430 _____ () C:\Users\Steve\Desktop\rkill64.exe - Shortcut.lnk
2014-02-23 13:07 - 2014-02-23 13:07 - 04703595 _____ () C:\Users\Steve\Downloads\Anti-CryptorBit.zip
2014-02-23 13:06 - 2014-02-23 13:06 - 05081128 _____ (Microsoft) C:\Users\Steve\Downloads\Anti-CryptorBit.exe
2014-02-23 11:45 - 2013-04-13 01:48 - 00000000 ____D () C:\Program Files (x86)\MagniPic
2014-02-22 15:27 - 2014-02-22 15:27 - 00001304 _____ () C:\Users\Steve\Desktop\Jellybean.txt - Shortcut.lnk
2014-02-22 15:19 - 2014-02-06 14:22 - 00000000 ____D () C:\ProgramData\Acronis
2014-02-21 04:36 - 2013-06-17 14:03 - 00000000 ____D () C:\Program Files (x86)\Weather Watcher Live
2014-02-21 04:32 - 2013-06-17 14:04 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\WeatherWatcherLive
2014-02-21 03:23 - 2014-01-20 14:31 - 00000000 ____D () C:\Rainee
2014-02-21 03:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-21 03:01 - 2014-02-21 03:01 - 00001468 _____ () C:\Users\Steve\Desktop\BDRB.exe - Shortcut.lnk
2014-02-21 03:01 - 2013-04-05 21:15 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-02-21 02:56 - 2013-04-05 21:04 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-02-21 00:36 - 2013-04-05 12:56 - 00000000 ____D () C:\Users\Steve
2014-02-20 23:53 - 2013-04-12 09:06 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-20 23:53 - 2010-11-21 03:17 - 00000000 ____D () C:\Windows\ShellNew
2014-02-20 23:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-02-20 23:53 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-20 23:52 - 2014-02-19 09:56 - 00000000 ____D () C:\ProgramData\sjdofx
2014-02-20 15:45 - 2013-04-05 17:47 - 00000000 ____D () C:\Program Files (x86)\FlashFXP 4
2014-02-20 14:33 - 2014-02-20 14:33 - 00001203 _____ () C:\Users\Public\Desktop\CloneDVD2.lnk
2014-02-20 14:33 - 2013-04-05 19:48 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-02-19 12:56 - 2014-02-19 06:48 - 00000000 ____D () C:\ProgramData\fst
2014-02-19 09:05 - 2014-02-04 12:20 - 00000000 __HDC () C:\ProgramData\{1D26C5A0-32ED-4A2F-996D-A31EF7CD305F}
2014-02-19 09:05 - 2013-06-13 19:07 - 00000000 ____D () C:\ProgramData\sAAffe  siave
2014-02-19 09:05 - 2013-04-13 16:20 - 00000000 ____D () C:\ProgramData\Roxio
2014-02-19 09:05 - 2013-04-13 01:48 - 00000000 ____D () C:\ProgramData\MuaGGnniPuic
2014-02-19 09:04 - 2013-04-05 21:56 - 00000000 ____D () C:\ProgramData\AllMyMovies
2014-02-19 08:16 - 2014-02-19 08:16 - 00001331 _____ () C:\Users\UpdatusUser\HOWDECRYPT.HTM
2014-02-19 08:16 - 2014-02-19 08:16 - 00001069 _____ () C:\Users\UpdatusUser\HOWDECRYPT.TXT
2014-02-19 08:09 - 2014-02-19 08:09 - 00001331 _____ () C:\Users\Steve\Downloads\HOWDECRYPT.HTM
2014-02-19 08:09 - 2014-02-19 08:09 - 00001331 _____ () C:\Users\Steve\Documents\HOWDECRYPT.HTM
2014-02-19 08:09 - 2014-02-19 08:09 - 00001069 _____ () C:\Users\Steve\Downloads\HOWDECRYPT.TXT
2014-02-19 08:09 - 2014-02-19 08:09 - 00001069 _____ () C:\Users\Steve\Documents\HOWDECRYPT.TXT
2014-02-19 08:09 - 2014-02-10 13:40 - 67846152 _____ () C:\Users\Steve\Downloads\C-41654290SH.rar.part
2014-02-19 08:09 - 2014-01-24 11:45 - 00453636 _____ () C:\Users\Steve\Downloads\Morel080213.pdfbad
2014-02-19 08:09 - 2014-01-22 15:49 - 00132162 _____ () C:\Users\Steve\Documents\New Photo Print.el6
2014-02-19 08:09 - 2014-01-22 14:56 - 12710724 _____ () C:\Users\Steve\Documents\jrs.get well.hmk
2014-02-19 08:09 - 2014-01-22 13:46 - 01883446 _____ () C:\Users\Steve\Documents\olivia's birthday card.hmk
2014-02-19 08:09 - 2014-01-12 20:14 - 00013629 _____ () C:\Users\Steve\Desktop\001.JPG - Shortcut.lnk
2014-02-19 08:09 - 2013-11-10 23:09 - 23123403 _____ () C:\Users\Steve\Downloads\BLURRED LINES LINEDANCE INSTRUCTIONAL -DENVER.mp4
2014-02-19 08:09 - 2013-11-02 17:51 - 00011140 _____ () C:\Users\Steve\Desktop\danielles wedding.xlsx
2014-02-19 08:09 - 2013-10-31 16:36 - 00128604 _____ () C:\Users\Steve\Downloads\IMG_210100918579833.jpeg
2014-02-19 08:09 - 2013-10-31 16:36 - 00128604 _____ () C:\Users\Steve\Downloads\IMG_210100918579833(1).jpeg
2014-02-19 08:09 - 2013-08-31 14:24 - 16474370 _____ () C:\Users\Steve\Downloads\All.My.Movies.7.6.1413.rar
2014-02-19 08:09 - 2013-08-26 14:26 - 331963115 _____ () C:\Users\Steve\Downloads\CorePaintShoP5.15308(1).rar
2014-02-19 08:09 - 2013-08-21 13:07 - 17507370 _____ () C:\Users\Steve\Downloads\Level 1.5 8-20-13 sonrisa.mp4
2014-02-19 08:09 - 2013-08-18 13:46 - 00000000 ____D () C:\Users\Steve\Documents\Roxio Projects
2014-02-19 08:09 - 2013-07-23 13:26 - 00000000 ____D () C:\Users\Steve\Desktop\Old Firefox Data
2014-02-19 08:09 - 2013-07-07 20:48 - 05582865 _____ () C:\Users\Steve\Documents\masons birthday.hmk
2014-02-19 08:09 - 2013-07-06 13:35 - 00873876 _____ () C:\Users\Steve\Downloads\westgate_town_center.pdfbad
2014-02-19 08:09 - 2013-06-22 19:41 - 14299277 _____ () C:\Users\Steve\Documents\maddie new birth.hmk
2014-02-19 08:09 - 2013-06-14 01:21 - 21448018 _____ () C:\Users\Steve\Downloads\Steve and sonrisa practice.mp4
2014-02-19 08:09 - 2013-06-13 21:57 - 05000181 _____ () C:\Users\Steve\Documents\maddies birthday card.hmk
2014-02-19 08:09 - 2013-05-27 21:23 - 42829833 _____ () C:\Users\Steve\Downloads\DVD0Fab9042.rar
2014-02-19 08:09 - 2013-05-04 01:20 - 02018060 _____ () C:\Users\Steve\Downloads\WH08LS20_200%28ew%29.zip
2014-02-19 08:09 - 2013-04-19 21:30 - 69286154 _____ () C:\Users\Steve\Downloads\photoeditor6313.rar
2014-02-19 08:09 - 2013-04-15 12:35 - 35705991 _____ () C:\Users\Steve\Downloads\MSTTK.rar
2014-02-19 08:09 - 2013-04-14 13:04 - 00000000 ____D () C:\Users\Steve\Downloads\Kleptomania.2.6.crack
2014-02-19 08:09 - 2013-04-14 12:56 - 00071669 _____ () C:\Users\Steve\Downloads\Kleptomania_2.6.zip
2014-02-19 08:09 - 2013-04-13 16:53 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Roxio
2014-02-19 08:09 - 2013-04-13 12:49 - 28920112 _____ () C:\Users\Steve\Downloads\KN10.0.rar
2014-02-19 08:09 - 2013-04-08 09:28 - 00000000 ____D () C:\Users\Steve\Documents\DVDFab9
2014-02-19 08:06 - 2014-01-22 15:57 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\ImageFix_268298
2014-02-19 08:06 - 2014-01-22 15:32 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\ImageFix_594308
2014-02-19 08:06 - 2014-01-22 15:26 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\ImageFix_7475148
2014-02-19 08:06 - 2013-05-17 01:52 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Dropbox
2014-02-19 08:06 - 2013-04-06 12:36 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\bpftpserver-2011
2014-02-19 07:30 - 2013-04-06 01:11 - 00000000 ____D () C:\Users\Steve\AppData\Local\Microsoft Help
2014-02-19 07:10 - 2014-02-19 07:10 - 00001331 _____ () C:\Users\Steve\AppData\Local\HOWDECRYPT.HTM
2014-02-19 07:10 - 2014-02-19 07:10 - 00001069 _____ () C:\Users\Steve\AppData\Local\HOWDECRYPT.TXT
2014-02-19 07:10 - 2013-08-25 13:42 - 00000000 ____D () C:\Users\Steve\2013-08-25
2014-02-19 07:10 - 2013-08-21 21:26 - 00000000 ____D () C:\Users\Steve\2013-08-21
2014-02-19 07:10 - 2013-08-18 13:26 - 06158256 _____ () C:\Users\Steve\AppData\Local\rx_image32.Cache
2014-02-19 07:10 - 2013-08-15 09:59 - 00000000 ____D () C:\Users\Steve\2013-08-15
2014-02-19 07:09 - 2014-02-19 07:09 - 00001331 _____ () C:\Users\Steve\HOWDECRYPT.HTM
2014-02-19 07:09 - 2014-02-19 07:09 - 00001331 _____ () C:\Users\Default\HOWDECRYPT.HTM
2014-02-19 07:09 - 2014-02-19 07:09 - 00001069 _____ () C:\Users\Steve\HOWDECRYPT.TXT
2014-02-19 07:09 - 2014-02-19 07:09 - 00001069 _____ () C:\Users\Default\HOWDECRYPT.TXT
2014-02-19 07:09 - 2013-08-02 20:56 - 00000000 ____D () C:\Users\Steve\2013-08-02
2014-02-19 07:09 - 2013-06-23 17:03 - 00000000 ____D () C:\Users\Steve\2013-06-23
2014-02-19 07:09 - 2013-06-15 12:33 - 00000000 ____D () C:\Users\Steve\2013-06-15 front yard
2014-02-19 07:09 - 2013-05-16 17:05 - 00000000 ____D () C:\Users\Public\Documents\Verizon_Android
2014-02-19 07:09 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-02-19 07:00 - 2014-01-30 22:44 - 00032738 _____ () C:\install.log
2014-02-19 07:00 - 2013-04-05 13:27 - 00171648 _____ () C:\grldr.bak
2014-02-19 07:00 - 2007-11-07 09:12 - 00233472 _____ () C:\VC_RED.MSI
2014-02-19 07:00 - 2007-11-07 09:09 - 01443034 _____ () C:\VC_RED.cab
2014-02-19 07:00 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.3082.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.2052.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.1042.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.1040.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.1036.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.1031.txt
2014-02-19 06:59 - 2007-11-07 09:00 - 00018246 _____ () C:\eula.1028.txt
2014-02-18 19:09 - 2014-02-18 19:09 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\18723
2014-02-18 11:36 - 2014-02-18 11:36 - 10687368 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7431.exe
2014-02-17 15:35 - 2014-02-17 15:33 - 00001096 _____ () C:\Users\Steve\Desktop\Continue Zip Opener Installation.lnk
2014-02-17 15:34 - 2014-02-17 15:34 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill64.exe
2014-02-17 13:15 - 2013-04-08 13:24 - 00000000 ____D () C:\Users\Steve\Documents\TurboTax
2014-02-17 11:12 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-16 20:33 - 2014-02-16 20:33 - 00000000 _____ () C:\Program Files (x86)\moz_update_in_progress.lock
2014-02-16 18:26 - 2014-02-16 18:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 11:31 - 2014-02-15 11:31 - 00138664 _____ (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
2014-02-15 11:31 - 2014-02-15 11:31 - 00138664 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys
2014-02-15 03:53 - 2014-02-15 03:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-15 03:52 - 2014-02-15 03:52 - 00000000 ____D () C:\Users\Steve\AppData\Local\SearchProtect
2014-02-15 03:52 - 2013-08-13 13:00 - 00000000 _____ () C:\END
2014-02-13 20:30 - 2013-04-13 16:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-13 15:52 - 2014-02-13 15:51 - 10681688 _____ () C:\Users\Steve\Downloads\SetupAnyDVD7430.exe
2014-02-13 15:35 - 2014-02-10 14:00 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-02-13 15:35 - 2013-04-07 13:26 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-13 11:12 - 2014-02-13 11:12 - 00000000 ____D () C:\Users\Default\Impostazioni locali
2014-02-13 10:59 - 2014-02-12 14:54 - 00000000 ____D () C:\Windows\pss
2014-02-12 14:44 - 2013-05-16 17:07 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Verizon
2014-02-10 14:45 - 2014-02-10 14:45 - 00097176 _____ (Elaborate Bytes AG) C:\Windows\SysWOW64\ElbyCDIO.dll
2014-02-10 14:03 - 2014-02-10 14:03 - 00000000 _____ () C:\autoexec.bat
2014-02-10 14:02 - 2014-02-10 14:02 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-02-09 13:32 - 2013-04-14 12:58 - 00069632 _____ () C:\Windows\SysWOW64\BASSMOD.dll
2014-02-09 13:30 - 2014-02-09 13:25 - 00000000 ____D () C:\Program Files (x86)\Kleptomania
2014-02-09 13:25 - 2014-02-09 13:25 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kleptomania
2014-02-09 13:25 - 2009-07-13 22:34 - 00000279 _____ () C:\Windows\system.ini

Files to move or delete:
====================
C:\ProgramData\PKP_DLbx.DAT


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 00:44

==================== End Of Log ============================


#10 e143slime8

Posted 11 March 2014 - 12:23 PM

Okay, did last two steps, hopefully info got posted correctly, had a little problem with size on one of the step one replies but it seemed to finally post.

Off to bed now, will pass through again before I go to work to see if there is a next step for me. I really appreciate the help.

BTW, currently have the machine connected to internet and there are now instances of the dllhost.exe *.32 running. You're amazing. Will leave connected during sleep time.

 

NN.



#11 aharonov

Posted 11 March 2014 - 12:38 PM

That's good to hear. :)
Here are the next steps for you:


Step 1

Please download the attached file fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2

Please uninstall some programs:

  • Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Delta Chrome Toolbar
    Delta toolbar
    DnsBasic 1.0 build 123
    DomaIQ
    Internet Explorer Toolbar 4.7 by SweetPacks
    MagniPic
    SafeSaver 1.74
    Updater By SweetPacks 2.0.0.609

  • Reboot your computer.

Step 3

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 4

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#12 e143slime8

Posted 11 March 2014 - 05:26 PM

Have to redo step 2.


Edited by e143slime8, 12 March 2014 - 01:36 AM.


#13 e143slime8

Posted 11 March 2014 - 05:33 PM

have to redo step 2.


Edited by e143slime8, 12 March 2014 - 01:37 AM.


#14 e143slime8

Posted 12 March 2014 - 01:38 AM

Oops, I'm sorry. I totally misread step 2. :nono: Will go back to redo those 2, 3 & 4 steps when I get home in AM.


Edited by e143slime8, 12 March 2014 - 01:39 AM.


#15 aharonov

Posted 12 March 2014 - 03:22 AM

All right. :)



