COM Surrogate - dllhost.exe *32


  • This topic is locked
35 replies to this topic

#1 ptommo77


Posted 23 March 2014 - 04:43 PM

Help,

I have the COM Surrogate thing that has been discussed in a number of threads. I have downloaded and run FARBAR as per instructions in a previous thread, with the following logs being the result. Please help with a fix list.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Peter Thomas (administrator) on SAMC-002 on 24-03-2014 05:33:12
Running from C:\Users\Peter Thomas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
() C:\Program Files\SGFX\SgfxConfig.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [AS2014] - C:\ProgramData\nX37n33r\nX37n33r.exe
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SgfxConfig] - C:\Program Files\SGFX\sgfxconfig.exe [2230848 2012-04-30] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\nX37n33r\nX37n33r.exe -sm,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Facebook Update] - C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [HP Officejet 7500 E910 (NET)] - C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Exzvtion] - regsvr32.exe "C:\Users\Peter Thomas\AppData\Local\Exzvtion\PowNap.dll" <===== ATTENTION
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Flasures] - rundll32 "C:\Windows\client64.dll",CreateProcessNotify
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: F - F:\SETUP.EXE
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: {c4d82d5b-5afc-11e2-b89d-60eb694fb604} - H:\AutoRun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: {d931add4-23d6-11e0-96b9-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\snpuupq\sboevum\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecu.edu.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com.au/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {3D370F54-50F6-4D4A-B007-A2C0A3CC4F7D} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {C37CA9E3-C514-4351-A0F2-870588A977BD} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3D370F54-50F6-4D4A-B007-A2C0A3CC4F7D} URL = 
SearchScopes: HKCU - {C37CA9E3-C514-4351-A0F2-870588A977BD} URL = 
SearchScopes: HKCU - {C81156CE-A7CB-4CEF-90CD-959E769DBB67} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {AD58C149-8AE2-4878-99DC-3A164E32F814} http://apps.bentley.com/studentserver/Scripts/SAXFileEE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (CLSID_QueryResult) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-03-18]
CHR Extension: (YouTube) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-14]
CHR Extension: (Google Search) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-14]
CHR Extension: (Skype Click to Call) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-14]
CHR Extension: (Google Wallet) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-12-13]
 
==================== Services (Whitelisted) =================
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [5715968 2012-04-27] (SMSC)
S3 STSService; "C:\Program Files (x86)\AllMusicConverter Media Suite\STSService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [109096 2008-01-18] (MCCI Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x64-n620f.sys [80384 2013-11-05] (SMSC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [34040 2011-02-16] (Windows ® Codename Longhorn DDK provider)
S3 qcusbser; C:\Windows\System32\DRIVERS\hwusbser02.sys [120960 2010-12-08] (QUALCOMM Incorporated)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [141888 2012-05-01] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [14912 2012-05-01] (SMSC)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CEDRIVER60; \??\C:\Program Files (x86)\Cheat Engine 6\dbk64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
U2 wuaserv; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-24 05:33 - 2014-03-24 05:35 - 00020727 _____ () C:\Users\Peter Thomas\Desktop\FRST.txt
2014-03-23 20:36 - 2014-03-23 20:36 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill64.com
2014-03-23 19:49 - 2014-03-24 05:27 - 00000000 ___HD () C:\725650d
2014-03-23 19:38 - 2014-03-23 19:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill.com
2014-03-23 19:25 - 2014-03-23 19:25 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 19:25 - 2014-03-23 19:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 19:25 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-23 19:00 - 2014-03-24 05:33 - 00000000 ____D () C:\FRST
2014-03-23 18:59 - 2014-03-23 18:59 - 02157056 _____ (Farbar) C:\Users\Peter Thomas\Desktop\FRST64.exe
2014-03-23 17:26 - 2014-03-23 17:26 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{F5A0557D-F478-4E7A-B931-2673E4A1B7E8}
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.URL
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.URL
2014-03-23 10:52 - 2014-03-23 10:52 - 00002777 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:52 - 2014-03-23 10:52 - 00001261 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:52 - 2014-03-23 10:52 - 00000133 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.URL
2014-03-23 10:43 - 2014-03-23 20:41 - 00000153 _____ () C:\Users\Peter Thomas\AppData\Local\svcxdcl32.dat
2014-03-23 10:43 - 2014-03-23 17:03 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Haiqz
2014-03-23 10:43 - 2014-03-23 10:44 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Adzih
2014-03-23 10:42 - 2014-03-23 10:42 - 00280576 ____H () C:\Windows\client64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00059904 ____H () C:\Windows\zlib1.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00012800 ____H () C:\Windows\aplib64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00011264 ____H () C:\Windows\aplib.dll
2014-03-22 18:25 - 2014-03-22 18:25 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\EndNote
2014-03-22 18:24 - 2014-03-22 18:25 - 00000000 ____D () C:\ProgramData\Thomson.ResearchSoft.Installers
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Users\Public\Documents\EndNote
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Program Files (x86)\EndNote X6
2014-03-22 18:19 - 2014-03-22 18:20 - 71266536 _____ (Edith Cowan University) C:\Users\Peter Thomas\Desktop\EndnoteX6_CHUL.exe
2014-03-22 18:14 - 2014-03-22 18:14 - 00003316 _____ () C:\Windows\System32\Tasks\4824
2014-03-22 18:14 - 2014-03-22 18:14 - 00003226 _____ () C:\Windows\System32\Tasks\0
2014-03-22 18:04 - 2014-02-19 06:50 - 00000426 _____ () C:\AVScanner.ini
2014-03-22 11:57 - 2014-03-22 11:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{7BFFF8BA-DBB4-47BB-871E-10DB00B65278}
2014-03-21 11:24 - 2014-03-21 11:24 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{622D34A1-ED12-42F9-97E7-39FB73C68635}
2014-03-18 19:17 - 2014-03-18 19:17 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 19:03 - 2014-03-18 19:03 - 00000867 _____ () C:\Users\Peter Thomas\Desktop\nX37n33r - Shortcut.lnk
2014-03-18 16:42 - 2014-03-18 16:42 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 16:28 - 2014-03-18 16:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Exzvtion
2014-03-18 07:07 - 2014-03-18 07:07 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{26EC236D-102B-4A49-93EB-9D2503873AEB}
2014-03-17 08:22 - 2014-03-17 08:22 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{D703BD0C-05DA-4B09-9F56-0B160D5E73F9}
2014-03-16 13:08 - 2014-03-16 13:08 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8FE0B353-6E54-46BA-B3B7-F7D5A6662123}
2014-03-15 12:02 - 2014-03-15 12:02 - 00219139 _____ () C:\Users\Peter Thomas\Desktop\pplane8.m
2014-03-15 12:02 - 2014-03-15 12:02 - 00127030 _____ () C:\Users\Peter Thomas\Desktop\Matlab.m
2014-03-14 21:04 - 2014-03-24 05:38 - 00005002 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMC-002-Peter Thomas SAMC-002
2014-03-14 19:49 - 2014-03-14 19:49 - 00002195 _____ () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-14 18:48 - 2014-03-14 18:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-14 18:35 - 2014-03-14 18:35 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{100DF05D-AFB8-41C0-A218-2B86E32F71D2}
2014-03-13 17:28 - 2014-03-13 17:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{85CFCBF5-BD9E-4DDF-90F8-43B94160D230}
2014-03-11 08:17 - 2014-03-11 08:17 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Microsoft Help
2014-03-10 07:55 - 2014-03-10 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{DB575B71-0E0B-4AC8-B059-4CD0B47D0021}
2014-03-08 11:23 - 2014-03-08 11:23 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{2CBB812B-63D6-45C0-9FA7-764BFD1E2E71}
2014-03-07 20:11 - 2014-03-07 20:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{49334FBC-0511-453A-83CC-170B157FC5D8}
2014-03-07 08:11 - 2014-03-07 08:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{4BDCD749-DDCE-4B3F-B426-B282F794374A}
2014-03-06 07:14 - 2014-03-06 07:14 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{E30C8854-0E50-4FEB-ACF1-EBD3749E70FA}
2014-03-05 08:31 - 2014-03-05 08:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8D2BC68A-33B4-45D3-AE79-7332E0D4900B}
2014-03-04 08:32 - 2014-03-04 08:32 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{28D43367-1C06-4B26-860A-F3F686D310EA}
2014-03-03 10:57 - 2014-03-03 10:57 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-03 10:55 - 2014-03-23 10:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-03 10:55 - 2014-03-03 10:57 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 10:55 - 2014-03-03 10:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 10:55 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iPod
2014-03-03 09:46 - 2014-03-03 09:47 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{3B4A6309-DD07-456D-A1B9-2455EE8FA6E2}
2014-03-02 17:48 - 2014-03-02 17:48 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-03-02 17:48 - 2014-03-02 17:48 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-03-01 12:10 - 2014-03-01 12:10 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{67CDC024-2947-41C1-8BDC-BFD87A470C30}
2014-02-28 11:31 - 2014-02-28 11:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{444B0546-AC0D-4458-8D1B-DE6BA5A1B801}
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{662CF6CB-5F6D-4490-BE8D-CCC7BFD3111F}
2014-02-26 11:54 - 2014-02-26 11:54 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{A37ACDF6-D5B7-4B83-AF1E-9D0588FA26C2}
2014-02-22 10:59 - 2014-02-22 10:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-02-22 10:58 - 2014-02-22 10:59 - 00000000 ____D () C:\Program Files\SGFX
2014-02-22 10:58 - 2014-02-22 10:58 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\SMSC
2014-02-22 10:57 - 2014-02-22 10:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lan9500-x64-n620f_01009.Wdf
2014-02-22 09:53 - 2014-02-22 09:54 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{9591FFC3-F1BC-4C67-A8BB-4D9D8CEE7110}
 
==================== One Month Modified Files and Folders =======
 
2014-03-24 05:38 - 2014-03-14 21:04 - 00005002 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMC-002-Peter Thomas SAMC-002
2014-03-24 05:35 - 2014-03-24 05:33 - 00020727 _____ () C:\Users\Peter Thomas\Desktop\FRST.txt
2014-03-24 05:33 - 2014-03-23 19:00 - 00000000 ____D () C:\FRST
2014-03-24 05:30 - 2011-01-20 08:59 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 05:29 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Xuvily
2014-03-24 05:29 - 2011-01-19 22:17 - 00425760 _____ () C:\Windows\PFRO.log
2014-03-24 05:29 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 05:29 - 2009-07-14 12:51 - 00160000 _____ () C:\Windows\setupact.log
2014-03-24 05:27 - 2014-03-23 19:49 - 00000000 ___HD () C:\725650d
2014-03-24 05:27 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Ybtea
2014-03-24 05:27 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Kanoi
2014-03-24 05:27 - 2011-01-19 15:26 - 00000000 ___RD () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-24 05:25 - 2012-06-13 08:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 05:25 - 2011-01-20 08:59 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-24 05:24 - 2013-02-24 16:59 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001UA.job
2014-03-23 20:50 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 20:50 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 20:41 - 2014-03-23 10:43 - 00000153 _____ () C:\Users\Peter Thomas\AppData\Local\svcxdcl32.dat
2014-03-23 20:39 - 2009-07-14 13:13 - 00732638 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 20:36 - 2014-03-23 20:36 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill64.com
2014-03-23 19:38 - 2014-03-23 19:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill.com
2014-03-23 19:25 - 2014-03-23 19:25 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 19:25 - 2014-03-23 19:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 18:59 - 2014-03-23 18:59 - 02157056 _____ (Farbar) C:\Users\Peter Thomas\Desktop\FRST64.exe
2014-03-23 18:10 - 2011-03-04 10:33 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-03-23 18:04 - 2010-07-15 07:29 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 18:03 - 2012-10-10 19:01 - 00000000 ____D () C:\Users\Mikki\Desktop\Halo Combat Evolved
2014-03-23 18:03 - 2012-09-22 12:57 - 00000000 ____D () C:\Users\Mikki\Documents\My Games
2014-03-23 18:03 - 2012-04-22 20:07 - 00000000 ___SD () C:\ComboFix
2014-03-23 18:03 - 2011-03-28 08:34 - 00000000 ____D () C:\Users\Mikki\Documents\Fax
2014-03-23 18:03 - 2011-02-21 11:53 - 00000000 ____D () C:\OpenOffice.org 3.3 (en-US) Installation Files
2014-03-23 18:03 - 2011-02-16 17:13 - 00000000 ____D () C:\Users\Mikki\Desktop\Photos Courtesy of Randy Martin Photography
2014-03-23 18:03 - 2011-02-13 13:33 - 00000000 ____D () C:\Users\Mikki\Documents\My Received Files
2014-03-23 18:03 - 2011-01-20 17:40 - 00000000 __RSD () C:\Users\Mikki\Documents\My Stationery
2014-03-23 18:03 - 2010-06-08 01:38 - 00000000 ____D () C:\HP
2014-03-23 18:03 - 2009-09-07 08:40 - 00000000 ___HD () C:\SYSTEM.SAV
2014-03-23 18:03 - 2009-09-07 08:40 - 00000000 ____D () C:\SwSetup
2014-03-23 18:03 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default
2014-03-23 18:03 - 2009-03-02 13:14 - 00000000 ____D () C:\HD-CEU2_120
2014-03-23 17:51 - 2010-07-15 06:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-23 17:26 - 2014-03-23 17:26 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{F5A0557D-F478-4E7A-B931-2673E4A1B7E8}
2014-03-23 17:04 - 2013-02-24 16:59 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001Core.job
2014-03-23 17:03 - 2014-03-23 10:43 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Haiqz
2014-03-23 12:47 - 2011-09-21 09:20 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{65BC98F3-5B7D-4C16-8FBA-C85129511154}
2014-03-23 10:59 - 2011-04-04 07:21 - 00364118 _____ () C:\Users\Mikki\Desktop\print.bmp
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.URL
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.URL
2014-03-23 10:53 - 2011-06-25 15:01 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Stardock
2014-03-23 10:53 - 2011-02-03 16:12 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\OpenOffice.org
2014-03-23 10:53 - 2011-01-20 17:43 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Skype
2014-03-23 10:53 - 2011-01-19 18:44 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\CyberLink
2014-03-23 10:53 - 2011-01-19 17:53 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Adobe
2014-03-23 10:52 - 2014-03-23 10:52 - 00002777 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:52 - 2014-03-23 10:52 - 00001261 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:52 - 2014-03-23 10:52 - 00000133 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.URL
2014-03-23 10:51 - 2011-08-09 15:49 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Apple Computer
2014-03-23 10:51 - 2011-01-29 15:06 - 00000000 ____D () C:\Users\Mikki\AppData\Local\jagexlauncher
2014-03-23 10:51 - 2011-01-20 17:41 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Google
2014-03-23 10:51 - 2011-01-19 18:50 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Cyberlink
2014-03-23 10:50 - 2013-08-16 19:43 - 00000000 ____D () C:\ProgramData\Nuance
2014-03-23 10:50 - 2012-04-22 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 10:50 - 2011-05-27 08:02 - 00000000 ____D () C:\ProgramData\Recovery
2014-03-23 10:50 - 2011-01-19 20:44 - 00000000 ____D () C:\ProgramData\HP
2014-03-23 10:49 - 2010-07-15 07:09 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-23 10:47 - 2013-08-16 19:43 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-23 10:47 - 2013-04-23 16:39 - 00000000 ____D () C:\ProgramData\Bentley
2014-03-23 10:44 - 2014-03-23 10:43 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Adzih
2014-03-23 10:44 - 2014-03-03 10:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-23 10:42 - 2014-03-23 10:42 - 00280576 ____H () C:\Windows\client64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00059904 ____H () C:\Windows\zlib1.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00012800 ____H () C:\Windows\aplib64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00011264 ____H () C:\Windows\aplib.dll
2014-03-23 00:04 - 2013-01-10 17:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\vlc
2014-03-23 00:04 - 2011-03-04 10:34 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Azureus
2014-03-22 22:24 - 2010-08-17 16:30 - 01696019 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 18:41 - 2011-01-31 15:04 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\CrashDumps
2014-03-22 18:25 - 2014-03-22 18:25 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\EndNote
2014-03-22 18:25 - 2014-03-22 18:24 - 00000000 ____D () C:\ProgramData\Thomson.ResearchSoft.Installers
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Users\Public\Documents\EndNote
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Program Files (x86)\EndNote X6
2014-03-22 18:20 - 2014-03-22 18:19 - 71266536 _____ (Edith Cowan University) C:\Users\Peter Thomas\Desktop\EndnoteX6_CHUL.exe
2014-03-22 18:14 - 2014-03-22 18:14 - 00003316 _____ () C:\Windows\System32\Tasks\4824
2014-03-22 18:14 - 2014-03-22 18:14 - 00003226 _____ () C:\Windows\System32\Tasks\0
2014-03-22 18:14 - 2011-03-03 09:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-22 18:11 - 2011-01-19 20:45 - 00000000 ____D () C:\Program Files\HP
2014-03-22 18:11 - 2011-01-19 20:45 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-22 18:07 - 2011-04-11 11:49 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Conduit
2014-03-22 11:57 - 2014-03-22 11:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{7BFFF8BA-DBB4-47BB-871E-10DB00B65278}
2014-03-21 11:24 - 2014-03-21 11:24 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{622D34A1-ED12-42F9-97E7-39FB73C68635}
2014-03-18 19:17 - 2014-03-18 19:17 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 19:17 - 2011-01-21 13:14 - 00000000 ____D () C:\Users\Mikki\Tracing
2014-03-18 19:17 - 2011-01-19 17:55 - 00085472 _____ () C:\Users\Mikki\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 19:03 - 2014-03-18 19:03 - 00000867 _____ () C:\Users\Peter Thomas\Desktop\nX37n33r - Shortcut.lnk
2014-03-18 16:55 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-18 16:42 - 2014-03-18 16:42 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 16:28 - 2014-03-18 16:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Exzvtion
2014-03-18 07:07 - 2014-03-18 07:07 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{26EC236D-102B-4A49-93EB-9D2503873AEB}
2014-03-17 08:22 - 2014-03-17 08:22 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{D703BD0C-05DA-4B09-9F56-0B160D5E73F9}
2014-03-16 13:57 - 2013-06-14 18:49 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 13:08 - 2014-03-16 13:08 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8FE0B353-6E54-46BA-B3B7-F7D5A6662123}
2014-03-16 13:03 - 2009-07-14 12:45 - 00374400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 12:03 - 2011-01-20 08:48 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-03-15 12:02 - 2014-03-15 12:02 - 00219139 _____ () C:\Users\Peter Thomas\Desktop\pplane8.m
2014-03-15 12:02 - 2014-03-15 12:02 - 00127030 _____ () C:\Users\Peter Thomas\Desktop\Matlab.m
2014-03-14 20:04 - 2011-01-19 04:23 - 00085472 _____ () C:\Users\Peter Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-14 19:56 - 2011-11-09 08:57 - 00045056 _____ () C:\Users\Peter Thomas\Desktop\CofG VH-EGG.xls
2014-03-14 19:49 - 2014-03-14 19:49 - 00002195 _____ () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-14 19:03 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-14 18:49 - 2014-03-14 18:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-14 18:35 - 2014-03-14 18:35 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{100DF05D-AFB8-41C0-A218-2B86E32F71D2}
2014-03-13 17:28 - 2014-03-13 17:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{85CFCBF5-BD9E-4DDF-90F8-43B94160D230}
2014-03-13 17:27 - 2013-03-20 16:30 - 00000000 ____D () C:\Users\Peter Thomas\Desktop\Yolandie Engineering
2014-03-12 08:25 - 2012-06-13 08:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 08:25 - 2012-05-10 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 08:25 - 2011-06-06 17:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 08:17 - 2014-03-11 08:17 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Microsoft Help
2014-03-10 10:36 - 2012-02-20 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Windows Live
2014-03-10 10:36 - 2011-01-19 15:59 - 00000000 ____D () C:\Users\Peter Thomas\Tracing
2014-03-10 10:32 - 2011-01-25 08:41 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\CutePDF Writer
2014-03-10 07:55 - 2014-03-10 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{DB575B71-0E0B-4AC8-B059-4CD0B47D0021}
2014-03-08 11:23 - 2014-03-08 11:23 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{2CBB812B-63D6-45C0-9FA7-764BFD1E2E71}
2014-03-07 20:11 - 2014-03-07 20:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{49334FBC-0511-453A-83CC-170B157FC5D8}
2014-03-07 08:11 - 2014-03-07 08:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{4BDCD749-DDCE-4B3F-B426-B282F794374A}
2014-03-06 07:14 - 2014-03-06 07:14 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{E30C8854-0E50-4FEB-ACF1-EBD3749E70FA}
2014-03-05 08:31 - 2014-03-05 08:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8D2BC68A-33B4-45D3-AE79-7332E0D4900B}
2014-03-04 08:32 - 2014-03-04 08:32 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{28D43367-1C06-4B26-860A-F3F686D310EA}
2014-03-03 10:57 - 2014-03-03 10:57 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-03 10:57 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 10:57 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 10:55 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iPod
2014-03-03 09:47 - 2014-03-03 09:46 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{3B4A6309-DD07-456D-A1B9-2455EE8FA6E2}
2014-03-02 17:48 - 2014-03-02 17:48 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-03-02 17:48 - 2014-03-02 17:48 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-03-01 12:10 - 2014-03-01 12:10 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{67CDC024-2947-41C1-8BDC-BFD87A470C30}
2014-02-28 11:31 - 2014-02-28 11:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{444B0546-AC0D-4458-8D1B-DE6BA5A1B801}
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{662CF6CB-5F6D-4490-BE8D-CCC7BFD3111F}
2014-02-26 11:54 - 2014-02-26 11:54 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{A37ACDF6-D5B7-4B83-AF1E-9D0588FA26C2}
2014-02-22 11:21 - 2011-02-24 20:58 - 00000000 ____D () C:\ProgramData\Apple
2014-02-22 10:59 - 2014-02-22 10:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-02-22 10:59 - 2014-02-22 10:58 - 00000000 ____D () C:\Program Files\SGFX
2014-02-22 10:59 - 2010-08-17 16:28 - 00456246 _____ () C:\Windows\DPINST.LOG
2014-02-22 10:58 - 2014-02-22 10:58 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\SMSC
2014-02-22 10:57 - 2014-02-22 10:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lan9500-x64-n620f_01009.Wdf
2014-02-22 09:54 - 2014-02-22 09:53 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{9591FFC3-F1BC-4C67-A8BB-4D9D8CEE7110}
 
Files to move or delete:
====================
C:\Users\Mikki\jagex_runescape_preferences.dat
C:\Users\Mikki\jagex_runescape_preferences2.dat
C:\Users\Peter Thomas\g2ax_customer_downloadhelper_win32_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 12:25
 
==================== End Of Log ============================



 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:56 PM

Posted 25 March 2014 - 09:57 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Please post up the addition.txt and run the following tool:

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 

#3 ptommo77

ptommo77
  • Topic Starter

  • Members
  • 28 posts
  • Local time:01:56 AM

Posted 26 March 2014 - 05:45 AM

Hi Marius,

Thank you for your time on this. I ran the scan and 0 threats were found.

I still have the COM Surrogate issue.



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:56 PM

Posted 26 March 2014 - 05:52 AM

Please post up the addition.txt and run the following tool:

Proud Member of UNITE & TB
 

#5 ptommo77

ptommo77
  • Topic Starter

  • Members
  • 28 posts
  • Local time:01:56 AM

Posted 26 March 2014 - 06:54 AM

There is no addition.txt from this scan.



#6 ptommo77

ptommo77
  • Topic Starter

  • Members
  • 28 posts
  • Local time:01:56 AM

Posted 26 March 2014 - 06:55 AM

I have addition.txt from a previous scan, from when I used FRST64.exe to scan my computer.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Peter Thomas at 2014-03-24 05:41:51
Running from C:\Users\Peter Thomas\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Airbus A330-300RR V2.1 (HKLM-x32\...\Airbus A330-300RR V2.1) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aware System Update (HKCU\...\b9355229a2e7c67c) (Version: 1.0.0.13 - Airbox Aerospace Ltd)
B209a-m (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bentley DGN IFilter (HKLM\...\{2E873893-A883-4C06-8308-7B491D58F3D6}) (Version: 1.0.1.9 - Bentley Systems, Incorporated)
Bentley DGN Thumbnail Provider (HKLM\...\{74A8C1AF-75E5-4653-95AF-222725B7D877}) (Version: 8.11.7.404 - Bentley Systems, Incorporated)
Bentley V8i (SELECTseries 2) - Autodesk® RealDWG™ 2010 (HKLM-x32\...\{477F115E-D48E-4D9D-B839-2AF37CA2987B}) (Version: 8.11.7.443 - Bentley Systems, Incorporated)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core Graphics Software (Version: 3.1.46.2657 - SMSC) Hidden
Counter Strike 1.6 Modern Warfare 2 2010 (HKLM-x32\...\Counter Strike 1.6 Modern Warfare 2 2010) (Version:  - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deer Hunter - The 2005 Season (HKLM-x32\...\Deer Hunter 2005_is1) (Version:  - Atari, Inc.)
Deer Hunter 2005 (HKLM-x32\...\Deer Hunter 2005) (Version:  - )
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.0.6348 - Thomson Reuters)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 7500 E910 Basic Device Software (HKLM\...\{7CF50183-026B-418D-A26C-A254290BD824}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Port Replicator Software Installer (HKLM-x32\...\{75BF632E-4761-4CF4-A368-E158B8A1BB1C}) (Version: 0.2.5 - HP)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{10427BCB-0742-43BE-81E2-3920972946F5}) (Version: 1.18.23.1 - LightScribe)
LTspice/SwCADIII (HKLM-x32\...\SwitcherCAD III) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Flight Simulator X (x32 Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MicroStation V8i (SELECTseries 2) 08.11.07.443 (HKLM-x32\...\{7E9B0F70-EEF6-41E1-BF89-FDC4B9EDBD9C}) (Version: 8.11.7.443 - Bentley Systems, Incorporated)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
pdfsam (HKLM-x32\...\pdfsam) (Version: 2.2.1 - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.9 - Power Software Ltd)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.0.4 (HKLM-x32\...\{5D87C09F-512F-474A-A306-0FE3B89C396F}) (Version: 1.0.4 - Jagex Ltd)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.5.11422 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SMSC Core Graphics Software (HKLM-x32\...\Core Graphics Software) (Version: 3.1.46.2657 - SMSC)
SoftStylus (HKLM-x32\...\{AC20F304-F02A-473E-BDE7-2400FC7429ED}) (Version: 2.2.131.4 - Motorola)
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
ViewSpan (HKLM\...\{6285D158-D528-4ED8-A935-BB2A402E21F2}) (Version: 2.8.1.0 - SMSC)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Basic for Applications ® Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.4.16 - WildTangent)
Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net  (09/25/2008 3.1.0.101) (HKLM\...\B090418E214D6BD6EE18A512A8EE609225AC9279) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.)
Windows Driver Package - NETGEAR Inc. (RTL8187) Net  (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.)
Windows Driver Package - Thomson (USB_RNDIS) Net  (02/15/2007 2.0.0.0) (HKLM\...\2CA3B8348CD526E9B8928840AC68738C5B5A4F8F) (Version: 02/15/2007 2.0.0.0 - Thomson)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
ZIP PASSWORD FINDER (HKLM-x32\...\ZIP PASSWORD FINDER) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {12A1FF9B-D1BF-4E0D-942D-A9CF7BC709C2} - System32\Tasks\{77262E6A-0D58-434C-94FF-3B766AD8FC23} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {1E4A097C-5978-402E-9CE3-880928EF708F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {2D392100-1FD5-4A7E-AD29-866A3133F342} - System32\Tasks\{A81CEDD4-468C-4B85-BD0F-3EEA1F50EBEC} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {2E330BEB-3E29-4630-91C6-A58BE4BAE4D7} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {2EBD8D3A-9685-46B2-9622-1EE6CA806C35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {3A56EC65-C23B-4DA8-BA85-CD2D8A11643C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {42B17E27-7DD4-48CC-A47B-03FC84ABE1D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {42C6EF0A-703A-4B7E-A044-846E5842BB89} - System32\Tasks\{44FE6C47-5263-4C1E-9BC0-EBCAFD8D730E} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {44897483-FB5A-49B0-ABE8-82D552611A5C} - System32\Tasks\{4145EC26-1D11-4BF5-B6F3-3AB2AD8E07B5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {4912D4A5-D4DC-4D4C-90F5-8BEBD76FBEB4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001UA => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
Task: {4A83DA3C-A126-488D-BE95-11C75C680A4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {4CF1A885-695F-4538-8A6C-D9ECE6D9E383} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {4FCB8B50-85FA-4567-96CE-0231DE7ADAC1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {508235D7-DA96-44E4-ADEF-7FF699D450A3} - System32\Tasks\{795DB812-92E7-4A36-910D-C331E9F71E5D} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {516FF2AF-AAC7-4CC2-89ED-6995A2DEB9C8} - System32\Tasks\4824 => Wscript.exe C:\Users\PETERT~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {5BD7B2DC-10F9-4FC5-BAC9-EA75AA7E5EF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {6966C521-3A2D-436A-AA0B-BB5E0F96C5AF} - System32\Tasks\{D175559E-F606-4BF0-8614-274CBE42724B} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {6A53DAEF-F411-4047-912C-33308FE5AF3F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {6C6B369C-63F3-4750-82C6-2BDEBC85A9EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-02-23] (Hewlett-Packard Company)
Task: {73901D76-A01F-42EC-9AC4-983754B63592} - System32\Tasks\{D59391EB-EC05-476C-8A6D-D902AC1510A8} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {826E523E-570C-46EF-A24C-C4EA6BA9FA2B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {93E02B73-E678-4A1C-B5E4-206730839B61} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B9CB5E53-572A-447F-9CDE-1383AB544346} - System32\Tasks\{7A2EB58C-865B-4FB0-834C-B9CEE18885FC} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsChrome&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {C18D54C5-45C5-42AA-87BB-9CE7F736F590} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001Core => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
Task: {C835689F-1DE3-4463-AC86-A29406A53C94} - System32\Tasks\{21E34FDE-FD75-4008-8223-A3952AF80D23} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VHPack.exe
Task: {D15EF8D9-8D3C-4E7E-843D-3CEB78D51183} - System32\Tasks\{1C0B9158-02E9-40C5-B10F-21BEC2A8F763} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {D8F5E540-1D9B-4893-A796-08373EA76E47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {F37FB8D1-8DE5-4752-8CA2-4F1684711345} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {F7C05054-C276-4014-B353-BB4360CCE69F} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {FC208A4B-621B-44DB-8652-C3C8B6805C72} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMC-002-Peter Thomas SAMC-002 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-03-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001Core.job => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001UA.job => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-01-25 08:36 - 2009-11-05 05:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-03-14 18:48 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-14 18:48 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-08-16 20:19 - 2010-03-16 07:04 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2014-03-14 19:09 - 2014-03-14 19:09 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00280576 ____H () C:\Windows\client64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00012800 ____H () C:\Windows\aplib64.dll
2012-01-13 10:18 - 2009-06-01 23:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-04-30 22:43 - 2012-04-30 22:43 - 02230848 _____ () C:\Program Files\SGFX\SgfxConfig.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-18 16:28 - 2014-03-18 16:28 - 00106496 _____ () C:\Users\Peter Thomas\AppData\Local\Exzvtion\PowNap.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-16 20:19 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-03-14 18:49 - 2014-03-14 18:49 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HP Wireless Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Peter Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: Mobile Partner => C:\Program Files (x86)\Optus Mini WiFi\Optus Mini WiFi Modem
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: WLSync => "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 7500 E910
Description: Officejet 7500 E910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/23/2014 08:42:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 08:27:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 07:49:57 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 06:31:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 05:39:21 PM) (Source: Wininit) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.
 
Error: (03/23/2014 05:17:29 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 10:43:59 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
 
System errors:
=============
Error: (03/24/2014 05:30:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/24/2014 05:23:44 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
 
Error: (03/23/2014 08:41:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/23/2014 08:35:57 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2014 08:35:57 PM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2014 08:27:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/23/2014 08:24:33 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2014 07:49:25 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/23/2014 07:14:13 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (03/23/2014 07:14:12 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
 
 
Microsoft Office Sessions:
=========================
Error: (03/23/2014 08:42:00 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 08:27:11 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 07:49:57 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 06:31:46 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 05:39:21 PM) (Source: Wininit)(User: )
Description: C:\Windows\system32\lsass.exe1
 
Error: (03/23/2014 05:17:29 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 10:43:59 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-10-11 12:57:50.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-11 12:57:50.902
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-11 10:56:11.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-11 10:56:11.487
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 20:01:36.373
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 20:01:36.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:30:06.337
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:30:06.306
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:18:53.763
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:18:53.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 34%
Total physical RAM: 3998.92 MB
Available physical RAM: 2631.69 MB
Total Pagefile: 23378.71 MB
Available Pagefile: 21360.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:282.5 GB) (Free:23.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.29 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1B0FDEFE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:56 PM

Posted 26 March 2014 - 07:25 AM

Add/remove programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs:

Coupon Printer for Windows

Close the window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 ptommo77

ptommo77
  • Topic Starter

  • Members
  • 28 posts
  • Local time:01:56 AM

Posted 26 March 2014 - 08:03 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Peter Thomas at 2014-03-26 21:01:40 Run:6
Running from C:\Users\Peter Thomas\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Task: {516FF2AF-AAC7-4CC2-89ED-6995A2DEB9C8} - System32\Tasks\4824 => Wscript.exe C:\Users\PETERT~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {F7C05054-C276-4014-B353-BB4360CCE69F} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
HKLM\...\Run: [AS2014] - C:\ProgramData\nX37n33r\nX37n33r.exe
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\nX37n33r\nX37n33r.exe -sm,
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Exzvtion] - regsvr32.exe "C:\Users\Peter Thomas\AppData\Local\Exzvtion\PowNap.dll" <===== ATTENTION
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\snpuupq\sboevum\wow.dll ATTENTION! ====> ZeroAccess?
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3D370F54-50F6-4D4A-B007-A2C0A3CC4F7D} URL = 
SearchScopes: HKCU - {C37CA9E3-C514-4351-A0F2-870588A977BD} URL = 
SearchScopes: HKCU - {C81156CE-A7CB-4CEF-90CD-959E769DBB67} URL = 
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Flasures] - rundll32 "C:\Windows\client64.dll",CreateProcessNotify
2014-03-22 18:14 - 2014-03-22 18:14 - 00003316 _____ () C:\Windows\System32\Tasks\4824
2014-03-22 18:14 - 2014-03-22 18:14 - 00003226 _____ () C:\Windows\System32\Tasks\0
 
c:\Users\PETERT~1\AppData\Local\Temp\launchie.vbs
C:\ProgramData\nX37n33r
C:\Users\Peter Thomas\AppData\Local\Exzvtion
C:\Users\Mikki\jagex_runescape_preferences.dat
C:\Users\Mikki\jagex_runescape_preferences2.dat
C:\Users\Peter Thomas\g2ax_customer_downloadhelper_win32_x86.exe
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.URL
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.URL
2014-03-23 10:52 - 2014-03-23 10:52 - 00002777 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:52 - 2014-03-23 10:52 - 00001261 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:52 - 2014-03-23 10:52 - 00000133 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.URL
2014-03-23 10:43 - 2014-03-23 20:41 - 00000153 _____ () C:\Users\Peter Thomas\AppData\Local\svcxdcl32.dat
2014-03-23 10:43 - 2014-03-23 17:03 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Haiqz
2014-03-23 10:43 - 2014-03-23 10:44 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Adzih
2014-03-23 10:42 - 2014-03-23 10:42 - 00280576 ____H () C:\Windows\client64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00059904 ____H () C:\Windows\zlib1.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00012800 ____H () C:\Windows\aplib64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00011264 ____H () C:\Windows\aplib.dll
2014-03-18 19:17 - 2014-03-18 19:17 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 16:42 - 2014-03-18 16:42 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-24 05:27 - 2014-03-23 19:49 - 00000000 ___HD () C:\725650d
2014-03-24 05:27 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Ybtea
2014-03-24 05:27 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Kanoi
2014-03-24 05:27 - 2011-01-19 15:26 - 00000000 ___RD () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
 
 
*****************
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{516FF2AF-AAC7-4CC2-89ED-6995A2DEB9C8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{516FF2AF-AAC7-4CC2-89ED-6995A2DEB9C8} => Key deleted successfully.
C:\Windows\System32\Tasks\4824 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4824 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7C05054-C276-4014-B353-BB4360CCE69F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7C05054-C276-4014-B353-BB4360CCE69F} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Exzvtion => Value deleted successfully.
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D370F54-50F6-4D4A-B007-A2C0A3CC4F7D} => Key deleted successfully.
HKCR\CLSID\{3D370F54-50F6-4D4A-B007-A2C0A3CC4F7D} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C37CA9E3-C514-4351-A0F2-870588A977BD} => Key deleted successfully.
HKCR\CLSID\{C37CA9E3-C514-4351-A0F2-870588A977BD} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C81156CE-A7CB-4CEF-90CD-959E769DBB67} => Key deleted successfully.
HKCR\CLSID\{C81156CE-A7CB-4CEF-90CD-959E769DBB67} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Flasures => Value deleted successfully.
"C:\Windows\System32\Tasks\4824" => File/Directory not found.
"C:\Windows\System32\Tasks\0" => File/Directory not found.
"c:\Users\PETERT~1\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
"C:\ProgramData\nX37n33r" => File/Directory not found.
C:\Users\Peter Thomas\AppData\Local\Exzvtion => Moved successfully.
C:\Users\Mikki\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Mikki\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Peter Thomas\g2ax_customer_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.HTML => Moved successfully.
C:\Users\Mikki\AppData\HOW_DECRYPT.HTML => Moved successfully.
C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.TXT => Moved successfully.
C:\Users\Mikki\AppData\HOW_DECRYPT.TXT => Moved successfully.
C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.URL => Moved successfully.
C:\Users\Mikki\AppData\HOW_DECRYPT.URL => Moved successfully.
C:\Users\Mikki\AppData\Local\HOW_DECRYPT.HTML => Moved successfully.
C:\Users\Mikki\AppData\Local\HOW_DECRYPT.TXT => Moved successfully.
C:\Users\Mikki\AppData\Local\HOW_DECRYPT.URL => Moved successfully.
C:\Users\Default\AppData\Local\HOW_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\HOW_DECRYPT.HTML => Moved successfully.
"C:\Users\Default User\AppData\Local\HOW_DECRYPT.HTML" => File/Directory not found.
"C:\Users\Default User\AppData\HOW_DECRYPT.HTML" => File/Directory not found.
C:\Users\Default\AppData\Local\HOW_DECRYPT.TXT => Moved successfully.
C:\Users\Default\AppData\HOW_DECRYPT.TXT => Moved successfully.
"C:\Users\Default User\AppData\Local\HOW_DECRYPT.TXT" => File/Directory not found.
"C:\Users\Default User\AppData\HOW_DECRYPT.TXT" => File/Directory not found.
C:\Users\Default\AppData\Local\HOW_DECRYPT.URL => Moved successfully.
C:\Users\Default\AppData\HOW_DECRYPT.URL => Moved successfully.
"C:\Users\Default User\AppData\Local\HOW_DECRYPT.URL" => File/Directory not found.
"C:\Users\Default User\AppData\HOW_DECRYPT.URL" => File/Directory not found.
C:\Users\Peter Thomas\AppData\Local\svcxdcl32.dat => Moved successfully.
C:\Users\Peter Thomas\AppData\Roaming\Haiqz => Moved successfully.
C:\Users\Peter Thomas\AppData\Roaming\Adzih => Moved successfully.
C:\Windows\client64.dll => Moved successfully.
C:\Windows\zlib1.dll => Moved successfully.
C:\Windows\aplib64.dll => Moved successfully.
C:\Windows\aplib.dll => Moved successfully.
C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection => Moved successfully.
C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection => Moved successfully.
C:\725650d => Moved successfully.
C:\Users\Peter Thomas\AppData\Roaming\Ybtea => Moved successfully.
C:\Users\Peter Thomas\AppData\Roaming\Kanoi => Moved successfully.
C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup => Moved successfully.
 
==== End of Fixlog ====


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:56 PM

Posted 26 March 2014 - 08:31 AM

Then I need the MBAM log as well, please. :)



#10 ptommo77

ptommo77
  • Topic Starter

  • Members
  • 28 posts
  • Local time:01:56 AM

Posted 26 March 2014 - 04:40 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.26.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Peter Thomas :: SAMC-002 [administrator]
 
26/03/2014 9:04:39 PM
mbam-log-2014-03-26 (21-04-39).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 600818
Time elapsed: 1 hour(s), 46 minute(s), 11 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Peter Thomas\AppData\Local\Temp\4EED.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
 
(end)


#11 ptommo77

ptommo77
  • Topic Starter

  • Members
  • 28 posts
  • Local time:01:56 AM

Posted 26 March 2014 - 04:41 PM

I still have the problem



#12 ptommo77

ptommo77
  • Topic Starter

  • Members
  • 28 posts
  • Local time:01:56 AM

Posted 26 March 2014 - 05:02 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Peter Thomas (administrator) on SAMC-002 on 27-03-2014 05:57:32
Running from C:\Users\Peter Thomas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
() C:\Program Files\SGFX\SgfxConfig.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SgfxConfig] - C:\Program Files\SGFX\sgfxconfig.exe [2230848 2012-04-30] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Facebook Update] - C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [HP Officejet 7500 E910 (NET)] - C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: F - F:\SETUP.EXE
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: {c4d82d5b-5afc-11e2-b89d-60eb694fb604} - H:\AutoRun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: {d931add4-23d6-11e0-96b9-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\snpuupq\sboevum\wow.dll ATTENTION! ====> ZeroAccess?
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecu.edu.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com.au/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {3D370F54-50F6-4D4A-B007-A2C0A3CC4F7D} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {C37CA9E3-C514-4351-A0F2-870588A977BD} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {AD58C149-8AE2-4878-99DC-3A164E32F814} http://apps.bentley.com/studentserver/Scripts/SAXFileEE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (CLSID_QueryResult) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-03-18]
CHR Extension: (YouTube) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-14]
CHR Extension: (Google Search) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-14]
CHR Extension: (Skype Click to Call) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-14]
CHR Extension: (Google Wallet) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-12-13]
 
==================== Services (Whitelisted) =================
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [5715968 2012-04-27] (SMSC)
S3 STSService; "C:\Program Files (x86)\AllMusicConverter Media Suite\STSService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [109096 2008-01-18] (MCCI Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x64-n620f.sys [80384 2013-11-05] (SMSC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [34040 2011-02-16] (Windows ® Codename Longhorn DDK provider)
S3 qcusbser; C:\Windows\System32\DRIVERS\hwusbser02.sys [120960 2010-12-08] (QUALCOMM Incorporated)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [141888 2012-05-01] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [14912 2012-05-01] (SMSC)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CEDRIVER60; \??\C:\Program Files (x86)\Cheat Engine 6\dbk64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
U2 wuaserv; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-27 05:57 - 2014-03-27 05:58 - 00018153 _____ () C:\Users\Peter Thomas\Desktop\FRST.txt
2014-03-26 19:53 - 2014-03-26 19:53 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-03-23 19:25 - 2014-03-23 19:25 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 19:25 - 2014-03-23 19:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 19:25 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-23 19:00 - 2014-03-27 05:57 - 00000000 ____D () C:\FRST
2014-03-23 18:59 - 2014-03-23 18:59 - 02157056 _____ (Farbar) C:\Users\Peter Thomas\Desktop\FRST64.exe
2014-03-23 17:26 - 2014-03-23 17:26 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{F5A0557D-F478-4E7A-B931-2673E4A1B7E8}
2014-03-22 18:25 - 2014-03-22 18:25 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\EndNote
2014-03-22 18:24 - 2014-03-22 18:25 - 00000000 ____D () C:\ProgramData\Thomson.ResearchSoft.Installers
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Users\Public\Documents\EndNote
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Program Files (x86)\EndNote X6
2014-03-22 18:19 - 2014-03-22 18:20 - 71266536 _____ (Edith Cowan University) C:\Users\Peter Thomas\Desktop\EndnoteX6_CHUL.exe
2014-03-22 11:57 - 2014-03-22 11:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{7BFFF8BA-DBB4-47BB-871E-10DB00B65278}
2014-03-21 11:24 - 2014-03-21 11:24 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{622D34A1-ED12-42F9-97E7-39FB73C68635}
2014-03-18 19:03 - 2014-03-18 19:03 - 00000867 _____ () C:\Users\Peter Thomas\Desktop\nX37n33r - Shortcut.lnk
2014-03-18 07:07 - 2014-03-18 07:07 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{26EC236D-102B-4A49-93EB-9D2503873AEB}
2014-03-17 08:22 - 2014-03-17 08:22 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{D703BD0C-05DA-4B09-9F56-0B160D5E73F9}
2014-03-16 13:08 - 2014-03-16 13:08 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8FE0B353-6E54-46BA-B3B7-F7D5A6662123}
2014-03-15 12:02 - 2014-03-15 12:02 - 00219139 _____ () C:\Users\Peter Thomas\Desktop\pplane8.m
2014-03-15 12:02 - 2014-03-15 12:02 - 00127030 _____ () C:\Users\Peter Thomas\Desktop\Matlab.m
2014-03-14 21:04 - 2014-03-27 05:57 - 00005002 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMC-002-Peter Thomas SAMC-002
2014-03-14 19:49 - 2014-03-14 19:49 - 00002195 _____ () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-14 18:48 - 2014-03-14 18:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-14 18:35 - 2014-03-14 18:35 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{100DF05D-AFB8-41C0-A218-2B86E32F71D2}
2014-03-13 17:28 - 2014-03-13 17:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{85CFCBF5-BD9E-4DDF-90F8-43B94160D230}
2014-03-11 08:17 - 2014-03-11 08:17 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Microsoft Help
2014-03-10 07:55 - 2014-03-10 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{DB575B71-0E0B-4AC8-B059-4CD0B47D0021}
2014-03-08 11:23 - 2014-03-08 11:23 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{2CBB812B-63D6-45C0-9FA7-764BFD1E2E71}
2014-03-07 20:11 - 2014-03-07 20:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{49334FBC-0511-453A-83CC-170B157FC5D8}
2014-03-07 08:11 - 2014-03-07 08:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{4BDCD749-DDCE-4B3F-B426-B282F794374A}
2014-03-06 07:14 - 2014-03-06 07:14 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{E30C8854-0E50-4FEB-ACF1-EBD3749E70FA}
2014-03-05 08:31 - 2014-03-05 08:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8D2BC68A-33B4-45D3-AE79-7332E0D4900B}
2014-03-04 08:32 - 2014-03-04 08:32 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{28D43367-1C06-4B26-860A-F3F686D310EA}
2014-03-03 10:55 - 2014-03-23 10:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-03 10:55 - 2014-03-03 10:57 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 10:55 - 2014-03-03 10:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 10:55 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iPod
2014-03-03 09:46 - 2014-03-03 09:47 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{3B4A6309-DD07-456D-A1B9-2455EE8FA6E2}
2014-03-02 17:48 - 2014-03-02 17:48 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-03-02 17:48 - 2014-03-02 17:48 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-03-01 12:10 - 2014-03-01 12:10 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{67CDC024-2947-41C1-8BDC-BFD87A470C30}
2014-02-28 11:31 - 2014-02-28 11:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{444B0546-AC0D-4458-8D1B-DE6BA5A1B801}
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{662CF6CB-5F6D-4490-BE8D-CCC7BFD3111F}
2014-02-26 11:54 - 2014-02-26 11:54 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{A37ACDF6-D5B7-4B83-AF1E-9D0588FA26C2}
 
==================== One Month Modified Files and Folders =======
 
2014-03-27 05:58 - 2014-03-27 05:57 - 00018153 _____ () C:\Users\Peter Thomas\Desktop\FRST.txt
2014-03-27 05:57 - 2014-03-23 19:00 - 00000000 ____D () C:\FRST
2014-03-27 05:57 - 2014-03-14 21:04 - 00005002 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMC-002-Peter Thomas SAMC-002
2014-03-27 05:55 - 2011-01-20 08:59 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 05:55 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 05:55 - 2009-07-14 12:51 - 00160280 _____ () C:\Windows\setupact.log
2014-03-27 05:51 - 2011-01-20 08:59 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 05:46 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 05:46 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 05:36 - 2011-01-19 22:17 - 00426102 _____ () C:\Windows\PFRO.log
2014-03-27 05:34 - 2013-02-24 16:59 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001UA.job
2014-03-27 05:34 - 2012-06-13 08:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-26 21:01 - 2011-01-19 17:51 - 00000000 ____D () C:\Users\Mikki
2014-03-26 21:01 - 2011-01-19 04:22 - 00000000 ____D () C:\Users\Peter Thomas
2014-03-26 19:53 - 2014-03-26 19:53 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-03-26 18:32 - 2011-09-21 09:20 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{65BC98F3-5B7D-4C16-8FBA-C85129511154}
2014-03-26 18:29 - 2013-02-24 16:59 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001Core.job
2014-03-24 18:39 - 2011-01-31 15:04 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\CrashDumps
2014-03-24 05:29 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Xuvily
2014-03-23 20:39 - 2009-07-14 13:13 - 00732638 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 19:25 - 2014-03-23 19:25 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 19:25 - 2014-03-23 19:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 18:59 - 2014-03-23 18:59 - 02157056 _____ (Farbar) C:\Users\Peter Thomas\Desktop\FRST64.exe
2014-03-23 18:10 - 2011-03-04 10:33 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-03-23 18:04 - 2010-07-15 07:29 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 18:03 - 2012-10-10 19:01 - 00000000 ____D () C:\Users\Mikki\Desktop\Halo Combat Evolved
2014-03-23 18:03 - 2012-09-22 12:57 - 00000000 ____D () C:\Users\Mikki\Documents\My Games
2014-03-23 18:03 - 2012-04-22 20:07 - 00000000 ___SD () C:\ComboFix
2014-03-23 18:03 - 2011-03-28 08:34 - 00000000 ____D () C:\Users\Mikki\Documents\Fax
2014-03-23 18:03 - 2011-02-21 11:53 - 00000000 ____D () C:\OpenOffice.org 3.3 (en-US) Installation Files
2014-03-23 18:03 - 2011-02-16 17:13 - 00000000 ____D () C:\Users\Mikki\Desktop\Photos Courtesy of Randy Martin Photography
2014-03-23 18:03 - 2011-02-13 13:33 - 00000000 ____D () C:\Users\Mikki\Documents\My Received Files
2014-03-23 18:03 - 2011-01-20 17:40 - 00000000 __RSD () C:\Users\Mikki\Documents\My Stationery
2014-03-23 18:03 - 2010-06-08 01:38 - 00000000 ____D () C:\HP
2014-03-23 18:03 - 2009-09-07 08:40 - 00000000 ____D () C:\SYSTEM.SAV
2014-03-23 18:03 - 2009-09-07 08:40 - 00000000 ____D () C:\SwSetup
2014-03-23 18:03 - 2009-07-14 11:20 - 00000000 ___RD () C:\Users\Default
2014-03-23 18:03 - 2009-03-02 13:14 - 00000000 ____D () C:\HD-CEU2_120
2014-03-23 17:51 - 2010-07-15 06:11 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-03-23 17:26 - 2014-03-23 17:26 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{F5A0557D-F478-4E7A-B931-2673E4A1B7E8}
2014-03-23 10:59 - 2011-04-04 07:21 - 00364118 _____ () C:\Users\Mikki\Desktop\print.bmp
2014-03-23 10:53 - 2011-06-25 15:01 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Stardock
2014-03-23 10:53 - 2011-02-03 16:12 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\OpenOffice.org
2014-03-23 10:53 - 2011-01-20 17:43 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Skype
2014-03-23 10:53 - 2011-01-19 18:44 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\CyberLink
2014-03-23 10:53 - 2011-01-19 17:53 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Adobe
2014-03-23 10:51 - 2011-08-09 15:49 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Apple Computer
2014-03-23 10:51 - 2011-01-29 15:06 - 00000000 ____D () C:\Users\Mikki\AppData\Local\jagexlauncher
2014-03-23 10:51 - 2011-01-20 17:41 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Google
2014-03-23 10:51 - 2011-01-19 18:50 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Cyberlink
2014-03-23 10:50 - 2013-08-16 19:43 - 00000000 ____D () C:\ProgramData\Nuance
2014-03-23 10:50 - 2012-04-22 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 10:50 - 2011-05-27 08:02 - 00000000 ____D () C:\ProgramData\Recovery
2014-03-23 10:50 - 2011-01-19 20:44 - 00000000 ____D () C:\ProgramData\HP
2014-03-23 10:49 - 2010-07-15 07:09 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-23 10:47 - 2013-08-16 19:43 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-23 10:47 - 2013-04-23 16:39 - 00000000 ____D () C:\ProgramData\Bentley
2014-03-23 10:44 - 2014-03-03 10:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-23 00:04 - 2013-01-10 17:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\vlc
2014-03-23 00:04 - 2011-03-04 10:34 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Azureus
2014-03-22 22:24 - 2010-08-17 16:30 - 01696019 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 18:25 - 2014-03-22 18:25 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\EndNote
2014-03-22 18:25 - 2014-03-22 18:24 - 00000000 ____D () C:\ProgramData\Thomson.ResearchSoft.Installers
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Users\Public\Documents\EndNote
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Program Files (x86)\EndNote X6
2014-03-22 18:20 - 2014-03-22 18:19 - 71266536 _____ (Edith Cowan University) C:\Users\Peter Thomas\Desktop\EndnoteX6_CHUL.exe
2014-03-22 18:14 - 2011-03-03 09:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-22 18:11 - 2011-01-19 20:45 - 00000000 ____D () C:\Program Files\HP
2014-03-22 18:11 - 2011-01-19 20:45 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-22 18:07 - 2011-04-11 11:49 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Conduit
2014-03-22 11:57 - 2014-03-22 11:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{7BFFF8BA-DBB4-47BB-871E-10DB00B65278}
2014-03-21 11:24 - 2014-03-21 11:24 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{622D34A1-ED12-42F9-97E7-39FB73C68635}
2014-03-18 19:17 - 2011-01-21 13:14 - 00000000 ____D () C:\Users\Mikki\Tracing
2014-03-18 19:17 - 2011-01-19 17:55 - 00085472 _____ () C:\Users\Mikki\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 19:03 - 2014-03-18 19:03 - 00000867 _____ () C:\Users\Peter Thomas\Desktop\nX37n33r - Shortcut.lnk
2014-03-18 16:55 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-18 07:07 - 2014-03-18 07:07 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{26EC236D-102B-4A49-93EB-9D2503873AEB}
2014-03-17 08:22 - 2014-03-17 08:22 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{D703BD0C-05DA-4B09-9F56-0B160D5E73F9}
2014-03-16 13:57 - 2013-06-14 18:49 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 13:08 - 2014-03-16 13:08 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8FE0B353-6E54-46BA-B3B7-F7D5A6662123}
2014-03-16 13:03 - 2009-07-14 12:45 - 00374400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 12:03 - 2011-01-20 08:48 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-03-15 12:02 - 2014-03-15 12:02 - 00219139 _____ () C:\Users\Peter Thomas\Desktop\pplane8.m
2014-03-15 12:02 - 2014-03-15 12:02 - 00127030 _____ () C:\Users\Peter Thomas\Desktop\Matlab.m
2014-03-14 20:04 - 2011-01-19 04:23 - 00085472 _____ () C:\Users\Peter Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-14 19:56 - 2011-11-09 08:57 - 00045056 _____ () C:\Users\Peter Thomas\Desktop\CofG VH-EGG.xls
2014-03-14 19:49 - 2014-03-14 19:49 - 00002195 _____ () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-14 19:03 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-14 18:49 - 2014-03-14 18:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-14 18:35 - 2014-03-14 18:35 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{100DF05D-AFB8-41C0-A218-2B86E32F71D2}
2014-03-13 17:28 - 2014-03-13 17:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{85CFCBF5-BD9E-4DDF-90F8-43B94160D230}
2014-03-13 17:27 - 2013-03-20 16:30 - 00000000 ____D () C:\Users\Peter Thomas\Desktop\Yolandie Engineering
2014-03-12 08:25 - 2012-06-13 08:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 08:25 - 2012-05-10 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 08:25 - 2011-06-06 17:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 08:17 - 2014-03-11 08:17 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Microsoft Help
2014-03-10 10:36 - 2012-02-20 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Windows Live
2014-03-10 10:36 - 2011-01-19 15:59 - 00000000 ____D () C:\Users\Peter Thomas\Tracing
2014-03-10 10:32 - 2011-01-25 08:41 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\CutePDF Writer
2014-03-10 07:55 - 2014-03-10 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{DB575B71-0E0B-4AC8-B059-4CD0B47D0021}
2014-03-08 11:23 - 2014-03-08 11:23 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{2CBB812B-63D6-45C0-9FA7-764BFD1E2E71}
2014-03-07 20:11 - 2014-03-07 20:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{49334FBC-0511-453A-83CC-170B157FC5D8}
2014-03-07 08:11 - 2014-03-07 08:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{4BDCD749-DDCE-4B3F-B426-B282F794374A}
2014-03-06 07:14 - 2014-03-06 07:14 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{E30C8854-0E50-4FEB-ACF1-EBD3749E70FA}
2014-03-05 08:31 - 2014-03-05 08:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8D2BC68A-33B4-45D3-AE79-7332E0D4900B}
2014-03-04 08:32 - 2014-03-04 08:32 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{28D43367-1C06-4B26-860A-F3F686D310EA}
2014-03-03 10:57 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 10:57 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 10:55 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iPod
2014-03-03 09:47 - 2014-03-03 09:46 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{3B4A6309-DD07-456D-A1B9-2455EE8FA6E2}
2014-03-02 17:48 - 2014-03-02 17:48 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-03-02 17:48 - 2014-03-02 17:48 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-03-01 12:10 - 2014-03-01 12:10 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{67CDC024-2947-41C1-8BDC-BFD87A470C30}
2014-02-28 11:31 - 2014-02-28 11:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{444B0546-AC0D-4458-8D1B-DE6BA5A1B801}
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{662CF6CB-5F6D-4490-BE8D-CCC7BFD3111F}
2014-02-26 11:54 - 2014-02-26 11:54 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{A37ACDF6-D5B7-4B83-AF1E-9D0588FA26C2}
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 12:25
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Peter Thomas at 2014-03-27 05:59:51
Running from C:\Users\Peter Thomas\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Airbus A330-300RR V2.1 (HKLM-x32\...\Airbus A330-300RR V2.1) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aware System Update (HKCU\...\b9355229a2e7c67c) (Version: 1.0.0.13 - Airbox Aerospace Ltd)
B209a-m (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bentley DGN IFilter (HKLM\...\{2E873893-A883-4C06-8308-7B491D58F3D6}) (Version: 1.0.1.9 - Bentley Systems, Incorporated)
Bentley DGN Thumbnail Provider (HKLM\...\{74A8C1AF-75E5-4653-95AF-222725B7D877}) (Version: 8.11.7.404 - Bentley Systems, Incorporated)
Bentley V8i (SELECTseries 2) - Autodesk® RealDWG™ 2010 (HKLM-x32\...\{477F115E-D48E-4D9D-B839-2AF37CA2987B}) (Version: 8.11.7.443 - Bentley Systems, Incorporated)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core Graphics Software (Version: 3.1.46.2657 - SMSC) Hidden
Counter Strike 1.6 Modern Warfare 2 2010 (HKLM-x32\...\Counter Strike 1.6 Modern Warfare 2 2010) (Version:  - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deer Hunter - The 2005 Season (HKLM-x32\...\Deer Hunter 2005_is1) (Version:  - Atari, Inc.)
Deer Hunter 2005 (HKLM-x32\...\Deer Hunter 2005) (Version:  - )
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.0.6348 - Thomson Reuters)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 7500 E910 Basic Device Software (HKLM\...\{7CF50183-026B-418D-A26C-A254290BD824}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Port Replicator Software Installer (HKLM-x32\...\{75BF632E-4761-4CF4-A368-E158B8A1BB1C}) (Version: 0.2.5 - HP)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{10427BCB-0742-43BE-81E2-3920972946F5}) (Version: 1.18.23.1 - LightScribe)
LTspice/SwCADIII (HKLM-x32\...\SwitcherCAD III) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Flight Simulator X (x32 Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MicroStation V8i (SELECTseries 2) 08.11.07.443 (HKLM-x32\...\{7E9B0F70-EEF6-41E1-BF89-FDC4B9EDBD9C}) (Version: 8.11.7.443 - Bentley Systems, Incorporated)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
pdfsam (HKLM-x32\...\pdfsam) (Version: 2.2.1 - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.9 - Power Software Ltd)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.0.4 (HKLM-x32\...\{5D87C09F-512F-474A-A306-0FE3B89C396F}) (Version: 1.0.4 - Jagex Ltd)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.5.11422 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SMSC Core Graphics Software (HKLM-x32\...\Core Graphics Software) (Version: 3.1.46.2657 - SMSC)
SoftStylus (HKLM-x32\...\{AC20F304-F02A-473E-BDE7-2400FC7429ED}) (Version: 2.2.131.4 - Motorola)
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
ViewSpan (HKLM\...\{6285D158-D528-4ED8-A935-BB2A402E21F2}) (Version: 2.8.1.0 - SMSC)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Basic for Applications ® Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.4.16 - WildTangent)
Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net  (09/25/2008 3.1.0.101) (HKLM\...\B090418E214D6BD6EE18A512A8EE609225AC9279) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.)
Windows Driver Package - NETGEAR Inc. (RTL8187) Net  (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.)
Windows Driver Package - Thomson (USB_RNDIS) Net  (02/15/2007 2.0.0.0) (HKLM\...\2CA3B8348CD526E9B8928840AC68738C5B5A4F8F) (Version: 02/15/2007 2.0.0.0 - Thomson)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
ZIP PASSWORD FINDER (HKLM-x32\...\ZIP PASSWORD FINDER) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {12A1FF9B-D1BF-4E0D-942D-A9CF7BC709C2} - System32\Tasks\{77262E6A-0D58-434C-94FF-3B766AD8FC23} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {1E4A097C-5978-402E-9CE3-880928EF708F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {2D392100-1FD5-4A7E-AD29-866A3133F342} - System32\Tasks\{A81CEDD4-468C-4B85-BD0F-3EEA1F50EBEC} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {2E330BEB-3E29-4630-91C6-A58BE4BAE4D7} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {2EBD8D3A-9685-46B2-9622-1EE6CA806C35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {3A56EC65-C23B-4DA8-BA85-CD2D8A11643C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {42B17E27-7DD4-48CC-A47B-03FC84ABE1D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {42C6EF0A-703A-4B7E-A044-846E5842BB89} - System32\Tasks\{44FE6C47-5263-4C1E-9BC0-EBCAFD8D730E} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {44897483-FB5A-49B0-ABE8-82D552611A5C} - System32\Tasks\{4145EC26-1D11-4BF5-B6F3-3AB2AD8E07B5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {4912D4A5-D4DC-4D4C-90F5-8BEBD76FBEB4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001UA => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
Task: {4A83DA3C-A126-488D-BE95-11C75C680A4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {4CF1A885-695F-4538-8A6C-D9ECE6D9E383} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {4FCB8B50-85FA-4567-96CE-0231DE7ADAC1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {508235D7-DA96-44E4-ADEF-7FF699D450A3} - System32\Tasks\{795DB812-92E7-4A36-910D-C331E9F71E5D} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {5BD7B2DC-10F9-4FC5-BAC9-EA75AA7E5EF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {6966C521-3A2D-436A-AA0B-BB5E0F96C5AF} - System32\Tasks\{D175559E-F606-4BF0-8614-274CBE42724B} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {6A53DAEF-F411-4047-912C-33308FE5AF3F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {6C6B369C-63F3-4750-82C6-2BDEBC85A9EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-02-23] (Hewlett-Packard Company)
Task: {73901D76-A01F-42EC-9AC4-983754B63592} - System32\Tasks\{D59391EB-EC05-476C-8A6D-D902AC1510A8} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {826E523E-570C-46EF-A24C-C4EA6BA9FA2B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {93E02B73-E678-4A1C-B5E4-206730839B61} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B9CB5E53-572A-447F-9CDE-1383AB544346} - System32\Tasks\{7A2EB58C-865B-4FB0-834C-B9CEE18885FC} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {C18D54C5-45C5-42AA-87BB-9CE7F736F590} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001Core => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
Task: {C835689F-1DE3-4463-AC86-A29406A53C94} - System32\Tasks\{21E34FDE-FD75-4008-8223-A3952AF80D23} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VHPack.exe
Task: {D15EF8D9-8D3C-4E7E-843D-3CEB78D51183} - System32\Tasks\{1C0B9158-02E9-40C5-B10F-21BEC2A8F763} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {D8F5E540-1D9B-4893-A796-08373EA76E47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {F37FB8D1-8DE5-4752-8CA2-4F1684711345} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {FC208A4B-621B-44DB-8652-C3C8B6805C72} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMC-002-Peter Thomas SAMC-002 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-03-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001Core.job => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001UA.job => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-01-25 08:36 - 2009-11-05 05:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-03-14 18:48 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-14 18:48 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-03-14 19:09 - 2014-03-14 19:09 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-16 20:19 - 2010-03-16 07:04 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2012-04-30 22:43 - 2012-04-30 22:43 - 02230848 _____ () C:\Program Files\SGFX\SgfxConfig.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-16 20:19 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-03-14 18:49 - 2014-03-14 18:49 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HP Wireless Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Peter Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: Mobile Partner => C:\Program Files (x86)\Optus Mini WiFi\Optus Mini WiFi Modem
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: WLSync => "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 7500 E910
Description: Officejet 7500 E910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/26/2014 11:21:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (03/24/2014 06:39:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4d334d98
Faulting module name: iexplore.exe, version: 0.0.0.0, time stamp: 0x4d334d98
Exception code: 0x40000015
Fault offset: 0x0008cb40
Faulting process id: 0x724
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (03/23/2014 08:42:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 08:27:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 07:49:57 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 06:31:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 05:39:21 PM) (Source: Wininit) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.
 
 
System errors:
=============
Error: (03/27/2014 05:56:29 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/27/2014 05:48:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/27/2014 05:38:17 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/26/2014 06:30:58 PM) (Source: DCOM) (User: )
Description: {548E275F-0290-40E7-B454-738B0C61DE60}
 
Error: (03/24/2014 08:57:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/24/2014 07:14:48 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (03/24/2014 07:13:17 PM) (Source: DCOM) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}
 
Error: (03/24/2014 07:13:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (03/24/2014 07:13:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (03/24/2014 07:13:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (03/26/2014 11:21:59 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (03/24/2014 06:39:32 PM) (Source: Application Error)(User: )
Description: iexplore.exe0.0.0.04d334d98iexplore.exe0.0.0.04d334d98400000150008cb4072401cf474d572c7283C:\Users\PETERT~1\AppData\Local\Temp\RarSFX2\procs\iexplore.exeC:\Users\PETERT~1\AppData\Local\Temp\RarSFX2\procs\iexplore.exe95787996-b340-11e3-b1da-b74ade133a28
 
Error: (03/23/2014 08:42:00 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 08:27:11 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 07:49:57 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 06:31:46 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 05:39:21 PM) (Source: Wininit)(User: )
Description: C:\Windows\system32\lsass.exe1
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-10-11 12:57:50.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-11 12:57:50.902
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-11 10:56:11.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-11 10:56:11.487
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 20:01:36.373
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 20:01:36.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:30:06.337
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:30:06.306
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:18:53.763
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:18:53.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 47%
Total physical RAM: 3998.92 MB
Available physical RAM: 2080.29 MB
Total Pagefile: 27825.91 MB
Available Pagefile: 25676.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:282.5 GB) (Free:18.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.29 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1B0FDEFE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================


#13 TB-Psychotic

Posted 27 March 2014 - 04:20 AM

Please uninstall this program as requested:

Coupon Printer for Windows

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

 


Proud Member of UNITE & TB
 

#14 ptommo77

Posted 27 March 2014 - 10:00 AM

Hi Again,

 

I'm really sorry. I uninstalled that program and ran the fixlist and it's still here. Either I've done something terribly wrong or this is one stubborn program...anything else I can do?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Peter Thomas at 2014-03-27 22:56:59 Run:9
Running from C:\Users\Peter Thomas\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\snpuupq\sboevum\wow.dll ATTENTION! ====> ZeroAccess?
2014-03-24 05:29 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Xuvily
 
*****************
 
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
"C:\Users\Peter Thomas\AppData\Roaming\Xuvily" => File/Directory not found.
 
==== End of Fixlog ====


#15 TB-Psychotic

Posted 27 March 2014 - 11:36 AM

What about your initial problem?

