COM Surrogate - dllhost.exe *32


  • This topic is locked
3 replies to this topic

#1 ptommo77

Posted 23 March 2014 - 04:45 PM

Help,

I have the COM Surrogate thing that has been discussed in a number of threads. I have downloaded and run FARBAR as per instructions in a previous thread, with the following logs being the result. Please help with a fix list.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Peter Thomas (administrator) on SAMC-002 on 24-03-2014 05:33:12
Running from C:\Users\Peter Thomas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
() C:\Program Files\SGFX\SgfxConfig.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [AS2014] - C:\ProgramData\nX37n33r\nX37n33r.exe
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SgfxConfig] - C:\Program Files\SGFX\sgfxconfig.exe [2230848 2012-04-30] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\nX37n33r\nX37n33r.exe -sm,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Facebook Update] - C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-24] (Facebook Inc.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [HP Officejet 7500 E910 (NET)] - C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Exzvtion] - regsvr32.exe "C:\Users\Peter Thomas\AppData\Local\Exzvtion\PowNap.dll" <===== ATTENTION
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Run: [Flasures] - rundll32 "C:\Windows\client64.dll",CreateProcessNotify
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: F - F:\SETUP.EXE
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: {c4d82d5b-5afc-11e2-b89d-60eb694fb604} - H:\AutoRun.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...\MountPoints2: {d931add4-23d6-11e0-96b9-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-736927911-2674260681-3756843735-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\snpuupq\sboevum\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecu.edu.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com.au/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {3D370F54-50F6-4D4A-B007-A2C0A3CC4F7D} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {C37CA9E3-C514-4351-A0F2-870588A977BD} URL = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3D370F54-50F6-4D4A-B007-A2C0A3CC4F7D} URL = 
SearchScopes: HKCU - {C37CA9E3-C514-4351-A0F2-870588A977BD} URL = 
SearchScopes: HKCU - {C81156CE-A7CB-4CEF-90CD-959E769DBB67} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {AD58C149-8AE2-4878-99DC-3A164E32F814} http://apps.bentley.com/studentserver/Scripts/SAXFileEE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (CLSID_QueryResult) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-03-18]
CHR Extension: (YouTube) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-14]
CHR Extension: (Google Search) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-14]
CHR Extension: (Skype Click to Call) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-14]
CHR Extension: (Google Wallet) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Peter Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-12-13]
 
==================== Services (Whitelisted) =================
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [5715968 2012-04-27] (SMSC)
S3 STSService; "C:\Program Files (x86)\AllMusicConverter Media Suite\STSService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [109096 2008-01-18] (MCCI Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 LAN9500; C:\Windows\System32\DRIVERS\lan9500-x64-n620f.sys [80384 2013-11-05] (SMSC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [34040 2011-02-16] (Windows ® Codename Longhorn DDK provider)
S3 qcusbser; C:\Windows\System32\DRIVERS\hwusbser02.sys [120960 2010-12-08] (QUALCOMM Incorporated)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [141888 2012-05-01] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [14912 2012-05-01] (SMSC)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CEDRIVER60; \??\C:\Program Files (x86)\Cheat Engine 6\dbk64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
U2 wuaserv; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-24 05:33 - 2014-03-24 05:35 - 00020727 _____ () C:\Users\Peter Thomas\Desktop\FRST.txt
2014-03-23 20:36 - 2014-03-23 20:36 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill64.com
2014-03-23 19:49 - 2014-03-24 05:27 - 00000000 ___HD () C:\725650d
2014-03-23 19:38 - 2014-03-23 19:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill.com
2014-03-23 19:25 - 2014-03-23 19:25 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 19:25 - 2014-03-23 19:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 19:25 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-23 19:00 - 2014-03-24 05:33 - 00000000 ____D () C:\FRST
2014-03-23 18:59 - 2014-03-23 18:59 - 02157056 _____ (Farbar) C:\Users\Peter Thomas\Desktop\FRST64.exe
2014-03-23 17:26 - 2014-03-23 17:26 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{F5A0557D-F478-4E7A-B931-2673E4A1B7E8}
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.URL
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.URL
2014-03-23 10:52 - 2014-03-23 10:52 - 00002777 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:52 - 2014-03-23 10:52 - 00001261 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:52 - 2014-03-23 10:52 - 00000133 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.URL
2014-03-23 10:43 - 2014-03-23 20:41 - 00000153 _____ () C:\Users\Peter Thomas\AppData\Local\svcxdcl32.dat
2014-03-23 10:43 - 2014-03-23 17:03 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Haiqz
2014-03-23 10:43 - 2014-03-23 10:44 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Adzih
2014-03-23 10:42 - 2014-03-23 10:42 - 00280576 ____H () C:\Windows\client64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00059904 ____H () C:\Windows\zlib1.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00012800 ____H () C:\Windows\aplib64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00011264 ____H () C:\Windows\aplib.dll
2014-03-22 18:25 - 2014-03-22 18:25 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\EndNote
2014-03-22 18:24 - 2014-03-22 18:25 - 00000000 ____D () C:\ProgramData\Thomson.ResearchSoft.Installers
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Users\Public\Documents\EndNote
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Program Files (x86)\EndNote X6
2014-03-22 18:19 - 2014-03-22 18:20 - 71266536 _____ (Edith Cowan University) C:\Users\Peter Thomas\Desktop\EndnoteX6_CHUL.exe
2014-03-22 18:14 - 2014-03-22 18:14 - 00003316 _____ () C:\Windows\System32\Tasks\4824
2014-03-22 18:14 - 2014-03-22 18:14 - 00003226 _____ () C:\Windows\System32\Tasks\0
2014-03-22 18:04 - 2014-02-19 06:50 - 00000426 _____ () C:\AVScanner.ini
2014-03-22 11:57 - 2014-03-22 11:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{7BFFF8BA-DBB4-47BB-871E-10DB00B65278}
2014-03-21 11:24 - 2014-03-21 11:24 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{622D34A1-ED12-42F9-97E7-39FB73C68635}
2014-03-18 19:17 - 2014-03-18 19:17 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 19:03 - 2014-03-18 19:03 - 00000867 _____ () C:\Users\Peter Thomas\Desktop\nX37n33r - Shortcut.lnk
2014-03-18 16:42 - 2014-03-18 16:42 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 16:28 - 2014-03-18 16:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Exzvtion
2014-03-18 07:07 - 2014-03-18 07:07 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{26EC236D-102B-4A49-93EB-9D2503873AEB}
2014-03-17 08:22 - 2014-03-17 08:22 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{D703BD0C-05DA-4B09-9F56-0B160D5E73F9}
2014-03-16 13:08 - 2014-03-16 13:08 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8FE0B353-6E54-46BA-B3B7-F7D5A6662123}
2014-03-15 12:02 - 2014-03-15 12:02 - 00219139 _____ () C:\Users\Peter Thomas\Desktop\pplane8.m
2014-03-15 12:02 - 2014-03-15 12:02 - 00127030 _____ () C:\Users\Peter Thomas\Desktop\Matlab.m
2014-03-14 21:04 - 2014-03-24 05:38 - 00005002 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMC-002-Peter Thomas SAMC-002
2014-03-14 19:49 - 2014-03-14 19:49 - 00002195 _____ () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-14 18:48 - 2014-03-14 18:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-14 18:35 - 2014-03-14 18:35 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{100DF05D-AFB8-41C0-A218-2B86E32F71D2}
2014-03-13 17:28 - 2014-03-13 17:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{85CFCBF5-BD9E-4DDF-90F8-43B94160D230}
2014-03-11 08:17 - 2014-03-11 08:17 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Microsoft Help
2014-03-10 07:55 - 2014-03-10 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{DB575B71-0E0B-4AC8-B059-4CD0B47D0021}
2014-03-08 11:23 - 2014-03-08 11:23 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{2CBB812B-63D6-45C0-9FA7-764BFD1E2E71}
2014-03-07 20:11 - 2014-03-07 20:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{49334FBC-0511-453A-83CC-170B157FC5D8}
2014-03-07 08:11 - 2014-03-07 08:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{4BDCD749-DDCE-4B3F-B426-B282F794374A}
2014-03-06 07:14 - 2014-03-06 07:14 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{E30C8854-0E50-4FEB-ACF1-EBD3749E70FA}
2014-03-05 08:31 - 2014-03-05 08:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8D2BC68A-33B4-45D3-AE79-7332E0D4900B}
2014-03-04 08:32 - 2014-03-04 08:32 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{28D43367-1C06-4B26-860A-F3F686D310EA}
2014-03-03 10:57 - 2014-03-03 10:57 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-03 10:55 - 2014-03-23 10:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-03 10:55 - 2014-03-03 10:57 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 10:55 - 2014-03-03 10:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 10:55 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iPod
2014-03-03 09:46 - 2014-03-03 09:47 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{3B4A6309-DD07-456D-A1B9-2455EE8FA6E2}
2014-03-02 17:48 - 2014-03-02 17:48 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-03-02 17:48 - 2014-03-02 17:48 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-03-01 12:10 - 2014-03-01 12:10 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{67CDC024-2947-41C1-8BDC-BFD87A470C30}
2014-02-28 11:31 - 2014-02-28 11:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{444B0546-AC0D-4458-8D1B-DE6BA5A1B801}
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{662CF6CB-5F6D-4490-BE8D-CCC7BFD3111F}
2014-02-26 11:54 - 2014-02-26 11:54 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{A37ACDF6-D5B7-4B83-AF1E-9D0588FA26C2}
2014-02-22 10:59 - 2014-02-22 10:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-02-22 10:58 - 2014-02-22 10:59 - 00000000 ____D () C:\Program Files\SGFX
2014-02-22 10:58 - 2014-02-22 10:58 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\SMSC
2014-02-22 10:57 - 2014-02-22 10:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lan9500-x64-n620f_01009.Wdf
2014-02-22 09:53 - 2014-02-22 09:54 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{9591FFC3-F1BC-4C67-A8BB-4D9D8CEE7110}
 
==================== One Month Modified Files and Folders =======
 
2014-03-24 05:38 - 2014-03-14 21:04 - 00005002 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMC-002-Peter Thomas SAMC-002
2014-03-24 05:35 - 2014-03-24 05:33 - 00020727 _____ () C:\Users\Peter Thomas\Desktop\FRST.txt
2014-03-24 05:33 - 2014-03-23 19:00 - 00000000 ____D () C:\FRST
2014-03-24 05:30 - 2011-01-20 08:59 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 05:29 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Xuvily
2014-03-24 05:29 - 2011-01-19 22:17 - 00425760 _____ () C:\Windows\PFRO.log
2014-03-24 05:29 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 05:29 - 2009-07-14 12:51 - 00160000 _____ () C:\Windows\setupact.log
2014-03-24 05:27 - 2014-03-23 19:49 - 00000000 ___HD () C:\725650d
2014-03-24 05:27 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Ybtea
2014-03-24 05:27 - 2013-11-19 07:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Kanoi
2014-03-24 05:27 - 2011-01-19 15:26 - 00000000 ___RD () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-24 05:25 - 2012-06-13 08:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 05:25 - 2011-01-20 08:59 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-24 05:24 - 2013-02-24 16:59 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001UA.job
2014-03-23 20:50 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 20:50 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 20:41 - 2014-03-23 10:43 - 00000153 _____ () C:\Users\Peter Thomas\AppData\Local\svcxdcl32.dat
2014-03-23 20:39 - 2009-07-14 13:13 - 00732638 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 20:36 - 2014-03-23 20:36 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill64.com
2014-03-23 19:38 - 2014-03-23 19:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Peter Thomas\Downloads\rkill.com
2014-03-23 19:25 - 2014-03-23 19:25 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-23 19:25 - 2014-03-23 19:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 18:59 - 2014-03-23 18:59 - 02157056 _____ (Farbar) C:\Users\Peter Thomas\Desktop\FRST64.exe
2014-03-23 18:10 - 2011-03-04 10:33 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-03-23 18:04 - 2010-07-15 07:29 - 00000000 ____D () C:\ProgramData\Skype
2014-03-23 18:03 - 2012-10-10 19:01 - 00000000 ____D () C:\Users\Mikki\Desktop\Halo Combat Evolved
2014-03-23 18:03 - 2012-09-22 12:57 - 00000000 ____D () C:\Users\Mikki\Documents\My Games
2014-03-23 18:03 - 2012-04-22 20:07 - 00000000 ___SD () C:\ComboFix
2014-03-23 18:03 - 2011-03-28 08:34 - 00000000 ____D () C:\Users\Mikki\Documents\Fax
2014-03-23 18:03 - 2011-02-21 11:53 - 00000000 ____D () C:\OpenOffice.org 3.3 (en-US) Installation Files
2014-03-23 18:03 - 2011-02-16 17:13 - 00000000 ____D () C:\Users\Mikki\Desktop\Photos Courtesy of Randy Martin Photography
2014-03-23 18:03 - 2011-02-13 13:33 - 00000000 ____D () C:\Users\Mikki\Documents\My Received Files
2014-03-23 18:03 - 2011-01-20 17:40 - 00000000 __RSD () C:\Users\Mikki\Documents\My Stationery
2014-03-23 18:03 - 2010-06-08 01:38 - 00000000 ____D () C:\HP
2014-03-23 18:03 - 2009-09-07 08:40 - 00000000 ___HD () C:\SYSTEM.SAV
2014-03-23 18:03 - 2009-09-07 08:40 - 00000000 ____D () C:\SwSetup
2014-03-23 18:03 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default
2014-03-23 18:03 - 2009-03-02 13:14 - 00000000 ____D () C:\HD-CEU2_120
2014-03-23 17:51 - 2010-07-15 06:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-23 17:26 - 2014-03-23 17:26 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{F5A0557D-F478-4E7A-B931-2673E4A1B7E8}
2014-03-23 17:04 - 2013-02-24 16:59 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001Core.job
2014-03-23 17:03 - 2014-03-23 10:43 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Haiqz
2014-03-23 12:47 - 2011-09-21 09:20 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{65BC98F3-5B7D-4C16-8FBA-C85129511154}
2014-03-23 10:59 - 2011-04-04 07:21 - 00364118 _____ () C:\Users\Mikki\Desktop\print.bmp
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00002777 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.HTML
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00001261 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.TXT
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\Roaming\HOW_DECRYPT.URL
2014-03-23 10:53 - 2014-03-23 10:53 - 00000133 _____ () C:\Users\Mikki\AppData\HOW_DECRYPT.URL
2014-03-23 10:53 - 2011-06-25 15:01 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Stardock
2014-03-23 10:53 - 2011-02-03 16:12 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\OpenOffice.org
2014-03-23 10:53 - 2011-01-20 17:43 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Skype
2014-03-23 10:53 - 2011-01-19 18:44 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\CyberLink
2014-03-23 10:53 - 2011-01-19 17:53 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Adobe
2014-03-23 10:52 - 2014-03-23 10:52 - 00002777 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:52 - 2014-03-23 10:52 - 00001261 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:52 - 2014-03-23 10:52 - 00000133 _____ () C:\Users\Mikki\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00002777 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.HTML
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00001261 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.TXT
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default\AppData\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\Local\HOW_DECRYPT.URL
2014-03-23 10:51 - 2014-03-23 10:51 - 00000133 _____ () C:\Users\Default User\AppData\HOW_DECRYPT.URL
2014-03-23 10:51 - 2011-08-09 15:49 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Apple Computer
2014-03-23 10:51 - 2011-01-29 15:06 - 00000000 ____D () C:\Users\Mikki\AppData\Local\jagexlauncher
2014-03-23 10:51 - 2011-01-20 17:41 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Google
2014-03-23 10:51 - 2011-01-19 18:50 - 00000000 ____D () C:\Users\Mikki\AppData\Local\Cyberlink
2014-03-23 10:50 - 2013-08-16 19:43 - 00000000 ____D () C:\ProgramData\Nuance
2014-03-23 10:50 - 2012-04-22 20:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 10:50 - 2011-05-27 08:02 - 00000000 ____D () C:\ProgramData\Recovery
2014-03-23 10:50 - 2011-01-19 20:44 - 00000000 ____D () C:\ProgramData\HP
2014-03-23 10:49 - 2010-07-15 07:09 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-23 10:47 - 2013-08-16 19:43 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-23 10:47 - 2013-04-23 16:39 - 00000000 ____D () C:\ProgramData\Bentley
2014-03-23 10:44 - 2014-03-23 10:43 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Adzih
2014-03-23 10:44 - 2014-03-03 10:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-23 10:42 - 2014-03-23 10:42 - 00280576 ____H () C:\Windows\client64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00059904 ____H () C:\Windows\zlib1.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00012800 ____H () C:\Windows\aplib64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00011264 ____H () C:\Windows\aplib.dll
2014-03-23 00:04 - 2013-01-10 17:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\vlc
2014-03-23 00:04 - 2011-03-04 10:34 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Azureus
2014-03-22 22:24 - 2010-08-17 16:30 - 01696019 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 18:41 - 2011-01-31 15:04 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\CrashDumps
2014-03-22 18:25 - 2014-03-22 18:25 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\EndNote
2014-03-22 18:25 - 2014-03-22 18:24 - 00000000 ____D () C:\ProgramData\Thomson.ResearchSoft.Installers
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Users\Public\Documents\EndNote
2014-03-22 18:24 - 2014-03-22 18:24 - 00000000 ____D () C:\Program Files (x86)\EndNote X6
2014-03-22 18:20 - 2014-03-22 18:19 - 71266536 _____ (Edith Cowan University) C:\Users\Peter Thomas\Desktop\EndnoteX6_CHUL.exe
2014-03-22 18:14 - 2014-03-22 18:14 - 00003316 _____ () C:\Windows\System32\Tasks\4824
2014-03-22 18:14 - 2014-03-22 18:14 - 00003226 _____ () C:\Windows\System32\Tasks\0
2014-03-22 18:14 - 2011-03-03 09:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-22 18:11 - 2011-01-19 20:45 - 00000000 ____D () C:\Program Files\HP
2014-03-22 18:11 - 2011-01-19 20:45 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-22 18:07 - 2011-04-11 11:49 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Conduit
2014-03-22 11:57 - 2014-03-22 11:57 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{7BFFF8BA-DBB4-47BB-871E-10DB00B65278}
2014-03-21 11:24 - 2014-03-21 11:24 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{622D34A1-ED12-42F9-97E7-39FB73C68635}
2014-03-18 19:17 - 2014-03-18 19:17 - 00000000 ____D () C:\Users\Mikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 19:17 - 2011-01-21 13:14 - 00000000 ____D () C:\Users\Mikki\Tracing
2014-03-18 19:17 - 2011-01-19 17:55 - 00085472 _____ () C:\Users\Mikki\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 19:03 - 2014-03-18 19:03 - 00000867 _____ () C:\Users\Peter Thomas\Desktop\nX37n33r - Shortcut.lnk
2014-03-18 16:55 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-18 16:42 - 2014-03-18 16:42 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
2014-03-18 16:28 - 2014-03-18 16:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Exzvtion
2014-03-18 07:07 - 2014-03-18 07:07 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{26EC236D-102B-4A49-93EB-9D2503873AEB}
2014-03-17 08:22 - 2014-03-17 08:22 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{D703BD0C-05DA-4B09-9F56-0B160D5E73F9}
2014-03-16 13:57 - 2013-06-14 18:49 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 13:08 - 2014-03-16 13:08 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8FE0B353-6E54-46BA-B3B7-F7D5A6662123}
2014-03-16 13:03 - 2009-07-14 12:45 - 00374400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 12:03 - 2011-01-20 08:48 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-03-15 12:02 - 2014-03-15 12:02 - 00219139 _____ () C:\Users\Peter Thomas\Desktop\pplane8.m
2014-03-15 12:02 - 2014-03-15 12:02 - 00127030 _____ () C:\Users\Peter Thomas\Desktop\Matlab.m
2014-03-14 20:04 - 2011-01-19 04:23 - 00085472 _____ () C:\Users\Peter Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-14 19:56 - 2011-11-09 08:57 - 00045056 _____ () C:\Users\Peter Thomas\Desktop\CofG VH-EGG.xls
2014-03-14 19:49 - 2014-03-14 19:49 - 00002195 _____ () C:\Users\Peter Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-14 19:03 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-14 18:49 - 2014-03-14 18:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-14 18:35 - 2014-03-14 18:35 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{100DF05D-AFB8-41C0-A218-2B86E32F71D2}
2014-03-13 17:28 - 2014-03-13 17:28 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{85CFCBF5-BD9E-4DDF-90F8-43B94160D230}
2014-03-13 17:27 - 2013-03-20 16:30 - 00000000 ____D () C:\Users\Peter Thomas\Desktop\Yolandie Engineering
2014-03-12 08:25 - 2012-06-13 08:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 08:25 - 2012-05-10 07:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 08:25 - 2011-06-06 17:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 08:17 - 2014-03-11 08:17 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Microsoft Help
2014-03-10 10:36 - 2012-02-20 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\Windows Live
2014-03-10 10:36 - 2011-01-19 15:59 - 00000000 ____D () C:\Users\Peter Thomas\Tracing
2014-03-10 10:32 - 2011-01-25 08:41 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\CutePDF Writer
2014-03-10 07:55 - 2014-03-10 07:55 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{DB575B71-0E0B-4AC8-B059-4CD0B47D0021}
2014-03-08 11:23 - 2014-03-08 11:23 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{2CBB812B-63D6-45C0-9FA7-764BFD1E2E71}
2014-03-07 20:11 - 2014-03-07 20:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{49334FBC-0511-453A-83CC-170B157FC5D8}
2014-03-07 08:11 - 2014-03-07 08:11 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{4BDCD749-DDCE-4B3F-B426-B282F794374A}
2014-03-06 07:14 - 2014-03-06 07:14 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{E30C8854-0E50-4FEB-ACF1-EBD3749E70FA}
2014-03-05 08:31 - 2014-03-05 08:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{8D2BC68A-33B4-45D3-AE79-7332E0D4900B}
2014-03-04 08:32 - 2014-03-04 08:32 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{28D43367-1C06-4B26-860A-F3F686D310EA}
2014-03-03 10:57 - 2014-03-03 10:57 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-03 10:57 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 10:57 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 10:55 - 2014-03-03 10:55 - 00000000 ____D () C:\Program Files\iPod
2014-03-03 09:47 - 2014-03-03 09:46 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{3B4A6309-DD07-456D-A1B9-2455EE8FA6E2}
2014-03-02 17:48 - 2014-03-02 17:48 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-03-02 17:48 - 2014-03-02 17:48 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-03-02 16:23 - 2014-03-02 16:23 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-03-01 12:10 - 2014-03-01 12:10 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{67CDC024-2947-41C1-8BDC-BFD87A470C30}
2014-02-28 11:31 - 2014-02-28 11:31 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{444B0546-AC0D-4458-8D1B-DE6BA5A1B801}
2014-02-27 08:27 - 2014-02-27 08:27 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{662CF6CB-5F6D-4490-BE8D-CCC7BFD3111F}
2014-02-26 11:54 - 2014-02-26 11:54 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{A37ACDF6-D5B7-4B83-AF1E-9D0588FA26C2}
2014-02-22 11:21 - 2011-02-24 20:58 - 00000000 ____D () C:\ProgramData\Apple
2014-02-22 10:59 - 2014-02-22 10:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-02-22 10:59 - 2014-02-22 10:58 - 00000000 ____D () C:\Program Files\SGFX
2014-02-22 10:59 - 2010-08-17 16:28 - 00456246 _____ () C:\Windows\DPINST.LOG
2014-02-22 10:58 - 2014-02-22 10:58 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Roaming\SMSC
2014-02-22 10:57 - 2014-02-22 10:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_lan9500-x64-n620f_01009.Wdf
2014-02-22 09:54 - 2014-02-22 09:53 - 00000000 ____D () C:\Users\Peter Thomas\AppData\Local\{9591FFC3-F1BC-4C67-A8BB-4D9D8CEE7110}
 
Files to move or delete:
====================
C:\Users\Mikki\jagex_runescape_preferences.dat
C:\Users\Mikki\jagex_runescape_preferences2.dat
C:\Users\Peter Thomas\g2ax_customer_downloadhelper_win32_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 12:25
 
==================== End Of Log ============================



#2 ptommo77

Posted 23 March 2014 - 04:46 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Peter Thomas at 2014-03-24 05:41:51
Running from C:\Users\Peter Thomas\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Airbus A330-300RR V2.1 (HKLM-x32\...\Airbus A330-300RR V2.1) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aware System Update (HKCU\...\b9355229a2e7c67c) (Version: 1.0.0.13 - Airbox Aerospace Ltd)
B209a-m (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bentley DGN IFilter (HKLM\...\{2E873893-A883-4C06-8308-7B491D58F3D6}) (Version: 1.0.1.9 - Bentley Systems, Incorporated)
Bentley DGN Thumbnail Provider (HKLM\...\{74A8C1AF-75E5-4653-95AF-222725B7D877}) (Version: 8.11.7.404 - Bentley Systems, Incorporated)
Bentley V8i (SELECTseries 2) - Autodesk® RealDWG™ 2010 (HKLM-x32\...\{477F115E-D48E-4D9D-B839-2AF37CA2987B}) (Version: 8.11.7.443 - Bentley Systems, Incorporated)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core Graphics Software (Version: 3.1.46.2657 - SMSC) Hidden
Counter Strike 1.6 Modern Warfare 2 2010 (HKLM-x32\...\Counter Strike 1.6 Modern Warfare 2 2010) (Version:  - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deer Hunter - The 2005 Season (HKLM-x32\...\Deer Hunter 2005_is1) (Version:  - Atari, Inc.)
Deer Hunter 2005 (HKLM-x32\...\Deer Hunter 2005) (Version:  - )
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.0.6348 - Thomson Reuters)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 7500 E910 Basic Device Software (HKLM\...\{7CF50183-026B-418D-A26C-A254290BD824}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Port Replicator Software Installer (HKLM-x32\...\{75BF632E-4761-4CF4-A368-E158B8A1BB1C}) (Version: 0.2.5 - HP)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{10427BCB-0742-43BE-81E2-3920972946F5}) (Version: 1.18.23.1 - LightScribe)
LTspice/SwCADIII (HKLM-x32\...\SwitcherCAD III) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Flight Simulator X (x32 Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MicroStation V8i (SELECTseries 2) 08.11.07.443 (HKLM-x32\...\{7E9B0F70-EEF6-41E1-BF89-FDC4B9EDBD9C}) (Version: 8.11.7.443 - Bentley Systems, Incorporated)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
pdfsam (HKLM-x32\...\pdfsam) (Version: 2.2.1 - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.9 - Power Software Ltd)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.0.4 (HKLM-x32\...\{5D87C09F-512F-474A-A306-0FE3B89C396F}) (Version: 1.0.4 - Jagex Ltd)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.5.11422 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SMSC Core Graphics Software (HKLM-x32\...\Core Graphics Software) (Version: 3.1.46.2657 - SMSC)
SoftStylus (HKLM-x32\...\{AC20F304-F02A-473E-BDE7-2400FC7429ED}) (Version: 2.2.131.4 - Motorola)
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
ViewSpan (HKLM\...\{6285D158-D528-4ED8-A935-BB2A402E21F2}) (Version: 2.8.1.0 - SMSC)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Basic for Applications ® Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.4.16 - WildTangent)
Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net  (09/25/2008 3.1.0.101) (HKLM\...\B090418E214D6BD6EE18A512A8EE609225AC9279) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.)
Windows Driver Package - NETGEAR Inc. (RTL8187) Net  (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.)
Windows Driver Package - Thomson (USB_RNDIS) Net  (02/15/2007 2.0.0.0) (HKLM\...\2CA3B8348CD526E9B8928840AC68738C5B5A4F8F) (Version: 02/15/2007 2.0.0.0 - Thomson)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
ZIP PASSWORD FINDER (HKLM-x32\...\ZIP PASSWORD FINDER) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {12A1FF9B-D1BF-4E0D-942D-A9CF7BC709C2} - System32\Tasks\{77262E6A-0D58-434C-94FF-3B766AD8FC23} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {1E4A097C-5978-402E-9CE3-880928EF708F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {2D392100-1FD5-4A7E-AD29-866A3133F342} - System32\Tasks\{A81CEDD4-468C-4B85-BD0F-3EEA1F50EBEC} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {2E330BEB-3E29-4630-91C6-A58BE4BAE4D7} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {2EBD8D3A-9685-46B2-9622-1EE6CA806C35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {3A56EC65-C23B-4DA8-BA85-CD2D8A11643C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {42B17E27-7DD4-48CC-A47B-03FC84ABE1D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {42C6EF0A-703A-4B7E-A044-846E5842BB89} - System32\Tasks\{44FE6C47-5263-4C1E-9BC0-EBCAFD8D730E} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {44897483-FB5A-49B0-ABE8-82D552611A5C} - System32\Tasks\{4145EC26-1D11-4BF5-B6F3-3AB2AD8E07B5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {4912D4A5-D4DC-4D4C-90F5-8BEBD76FBEB4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001UA => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
Task: {4A83DA3C-A126-488D-BE95-11C75C680A4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {4CF1A885-695F-4538-8A6C-D9ECE6D9E383} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {4FCB8B50-85FA-4567-96CE-0231DE7ADAC1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {508235D7-DA96-44E4-ADEF-7FF699D450A3} - System32\Tasks\{795DB812-92E7-4A36-910D-C331E9F71E5D} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {516FF2AF-AAC7-4CC2-89ED-6995A2DEB9C8} - System32\Tasks\4824 => Wscript.exe C:\Users\PETERT~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {5BD7B2DC-10F9-4FC5-BAC9-EA75AA7E5EF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {6966C521-3A2D-436A-AA0B-BB5E0F96C5AF} - System32\Tasks\{D175559E-F606-4BF0-8614-274CBE42724B} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {6A53DAEF-F411-4047-912C-33308FE5AF3F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {6C6B369C-63F3-4750-82C6-2BDEBC85A9EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-02-23] (Hewlett-Packard Company)
Task: {73901D76-A01F-42EC-9AC4-983754B63592} - System32\Tasks\{D59391EB-EC05-476C-8A6D-D902AC1510A8} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {826E523E-570C-46EF-A24C-C4EA6BA9FA2B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {93E02B73-E678-4A1C-B5E4-206730839B61} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B9CB5E53-572A-447F-9CDE-1383AB544346} - System32\Tasks\{7A2EB58C-865B-4FB0-834C-B9CEE18885FC} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {C18D54C5-45C5-42AA-87BB-9CE7F736F590} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001Core => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24] (Facebook Inc.)
Task: {C835689F-1DE3-4463-AC86-A29406A53C94} - System32\Tasks\{21E34FDE-FD75-4008-8223-A3952AF80D23} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VHPack.exe
Task: {D15EF8D9-8D3C-4E7E-843D-3CEB78D51183} - System32\Tasks\{1C0B9158-02E9-40C5-B10F-21BEC2A8F763} => C:\Users\Peter Thomas\Desktop\vhypno58-noinstaller\VH.exe
Task: {D8F5E540-1D9B-4893-A796-08373EA76E47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20] (Google Inc.)
Task: {F37FB8D1-8DE5-4752-8CA2-4F1684711345} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {F7C05054-C276-4014-B353-BB4360CCE69F} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {FC208A4B-621B-44DB-8652-C3C8B6805C72} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SAMC-002-Peter Thomas SAMC-002 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-03-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001Core.job => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-736927911-2674260681-3756843735-1001UA.job => C:\Users\Peter Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-01-25 08:36 - 2009-11-05 05:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-03-14 18:48 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-14 18:48 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-08-16 20:19 - 2010-03-16 07:04 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2014-03-14 19:09 - 2014-03-14 19:09 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00280576 ____H () C:\Windows\client64.dll
2014-03-23 10:42 - 2014-03-23 10:42 - 00012800 ____H () C:\Windows\aplib64.dll
2012-01-13 10:18 - 2009-06-01 23:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-04-30 22:43 - 2012-04-30 22:43 - 02230848 _____ () C:\Program Files\SGFX\SgfxConfig.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-18 16:28 - 2014-03-18 16:28 - 00106496 _____ () C:\Users\Peter Thomas\AppData\Local\Exzvtion\PowNap.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-16 20:19 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-03-14 18:49 - 2014-03-14 18:49 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-16 13:57 - 2014-03-15 08:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HP Wireless Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Peter Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: Mobile Partner => C:\Program Files (x86)\Optus Mini WiFi\Optus Mini WiFi Modem
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: WLSync => "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 7500 E910
Description: Officejet 7500 E910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/23/2014 08:42:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 08:27:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 07:49:57 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 06:31:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 05:39:21 PM) (Source: Wininit) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.
 
Error: (03/23/2014 05:17:29 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (03/23/2014 10:43:59 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
 
System errors:
=============
Error: (03/24/2014 05:30:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/24/2014 05:23:44 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
 
Error: (03/23/2014 08:41:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/23/2014 08:35:57 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2014 08:35:57 PM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2014 08:27:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/23/2014 08:24:33 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/23/2014 07:49:25 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/23/2014 07:14:13 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (03/23/2014 07:14:12 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801
 
 
Microsoft Office Sessions:
=========================
Error: (03/23/2014 08:42:00 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 08:27:11 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 07:49:57 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 06:31:46 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 05:41:52 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 05:39:21 PM) (Source: Wininit)(User: )
Description: C:\Windows\system32\lsass.exe1
 
Error: (03/23/2014 05:17:29 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (03/23/2014 10:43:59 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-10-11 12:57:50.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-11 12:57:50.902
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-11 10:56:11.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-11 10:56:11.487
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hwusbser02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 20:01:36.373
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 20:01:36.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:30:06.337
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:30:06.306
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:18:53.763
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 19:18:53.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\PETERT~1\AppData\Local\Temp\dofmrqql.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 34%
Total physical RAM: 3998.92 MB
Available physical RAM: 2631.69 MB
Total Pagefile: 23378.71 MB
Available Pagefile: 21360.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:282.5 GB) (Free:23.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.29 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1B0FDEFE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================


#3 Oh My!


Posted 24 March 2014 - 06:02 PM

Multiple posts, see http://www.bleepingcomputer.com/forums/t/528501/com-surrogate-dllhostexe-32/
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!


Posted 24 March 2014 - 06:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



